Listen to Talos security experts as they bring their hot takes on current security topics and Talos research to the table. Along the way Mitch, Liz, Matt and a rotating chair of special guests will talk about anything (and we mean anything) that's on their minds, from the latest YouTube trends to Olympic curling etiquette. New episodes every other Thursday.
Recorded 12/9/19 - We have a big announcement to make today! Check your feed for a few Ep’s of a new podcast from Talos - “Talos Takes”. On this Ep of BWT, we welcome Joe Marshall to the table - Joe is a Talos ICS/IoT tech lead and he stops by to discuss issues in the IoT space - macro and micro, from both the vendor and user perspectives. Check out the crew’s advice on staying secure in this IoT gift giving season.We will see you in the new year, and thanks for listening in 2019. Merry Christmas and Happy Holidays to all!!!
Full show notes on the Talos blog
Craig is out sick/injured/fighting robots (actually all three), so we brought in Sean Mason from Talos IR to talk shop today and give you the inside scoop on IR (and Sean’s next-level beard care regimen). How do incidents affect the enterprise and consumers? How has the advent of widespread ransomware fundamentally shifted the burden of responsibility in the c-suite and what have been the outcomes? What does a responder have in the bag when they arrive on-site?Full show notes on the Talos blog
Recorded 11/8/19 - Joel is out on PTO, so Mitch, Matt, Nigel, and Craig carry the banner this EP discussing how attackers approach targets like investors looks at portfolio. We also talk about how the most recent off-cycle elections in the US give us a glimpse of improvements and changes in election security. Finally, we take a quick look at popular scams and how attackers use seasonality to increase the relevance of their scam for emotional response.Full notes on the Talos Blog
Recorded 10/25/19 - Today is a bit different. We normally keep things pretty neutral on this show (not really), but today is all about the new service Talos is launching - say hello to Talos Incident Response. Amy Henderson from the Talos Intel and Interdiction group joins us as we discuss the full circle of threat intelligence - from global visibility to hyper local context, and how IR allows those feed each other to the improvement of both. Listen to the announcement as we discuss what IR is, what it means in general, and what Talos brings to that equation. We hope you are half as excited as we are, because that is still pretty dang excited. Lastly, Craig isn’t with us today, but you get to decide his fate for being dishonest with you, dear listeners. We will deliver you justice.
Full show notes - and more in-depth info on the Talos blog
Recorded 10/10/19 - This EP lives up to it’s name, by trying to only take on a minimal topic and then becoming completely convoluted. We start of with an extended round table (I even cut like half of it out) and then start talking about the trials and tribulations of making things too complex - from software to network design. If the devil is in the details, then the danger is in there being too many of them. We take two simple examples - PDF readers and a trip to the doctors office - and look at how the complexity jammed into the tech around these two things is where things become disturbingly dangerous.
Full show notes on the Talos blog
Recorded 9/27/19 - We are down Matt and Joel today, so Mitch, Craig, and Nigel are taking you through this EP. We cover some recent posts from Talos with Divergent and Tortoiseshell. Turns out, people get a bit excited when you target US veterans with malware - even other malware authors thinks that’s scummy. That takes us into a chat about social engineering in general and we end up talking about some interesting stuff with unpatchable vulns and why deleting /var on install could be described as a bad idea for a Chrome update.
Full show notes on the Talos blog
Recorded 9/13/19 - In one of our rantier episodes of late, the BWT crew dives into the ongoing insidiousness that is cryptomining with Watchbog, and then we turn our attention to some idiot that thinks charging people $50 to bypass MFA on their own machines is a swell idea, because nothing bad can happen there, right? RIGHT?! Finally, we take a look at some recent breaches and the trend of attempting to downplay the severity of a breach because the data ex-fil wasn’t “vital or important”. Again, what can go wrong with that line of thinking? This is fine. Everything is just fine. Security is solved, we can go home now.Full show notes on the Talos blog
Recorded 8/30/19 - In this extra-sized EP, we cover a lot - starting with Retadup, and discussing the intricate workings of why it’s a bead idea to execute code on other computers without permission when you have no idea what that computer is doing. WannaCry is making some headlines again, but this time it isn’t WannaCry and frankly it’s not news. From the mobile ecosystem os battleground, Google’s Project0 announced several vulns in iOS that have been discovered being exploited in the wild, with some of the exploit chains leveraging 0-day. Most important development of the week is that journalists are now quoting Matt of his Twitter timeline and this is certain to end well.Full show notes available on the Talos blog
Recorded 8/16/19 - The understatement of the day would be the guys were in some kind of mood today… There is no explaining the way they are sometimes. We ended up discussing a lot of the awesome things that went on at Blackhat and DEFCON… like the time Matt and Mitch got ejected from the Aviation Village for recognizing the prowess of the greatest plane ever built. BRRRRRRT. And also the time Joel ejected himself from the Cisco party. Deeper in the EP we get into threat intelligence – what is it, how to find the intel you need, and how to leverage it to create value. Full show notes on the Talos blog
Recorded 8/2/19 - Yes, I know what today’s date is. We got really busy last week and I am sorry that the podcast is late. Really, I wish I wasn’t writing these notes at 12:#0r4-j3pofw…. What? Anyway, we talk about malvertising and dig into that ecosystem a bit looking at some of the competing priorities (hint: none of them are your privacy). We also discuss BlueKeep making its debut in Canvas and surely soon to follow in other fine pen testing platforms. We use that opportunity to review a little bit of RDP knowledge and defense. We’re recording again tomorrow and I really don’t want to hear what my co-hosts will say if this isn’t out by then, so I’m going to go hit publish now. Full show notes on the Talos blog