Talos Takes

Jon doesn’t have any children. So he found someone who does — Beers with Talos’ own Craig Williams — to talk about remote learning. Children are back to school, and many of them are doing so online. Craig and Jon talk about DNS filters, parental controls, meeting passwords and more that are sure to help parents and teachers adjust to this new normal.

Snort researcher and rule-writer Nick Mavis takes time out of his busy schedule to join us again this week. Nick recently published a research paper on the bevy of detection he wrote for Cobalt Strike, a tool attackers are increasingly using. Nick talks about his process of working on the paper, why Cobalt Strike has become so popular and what he learned during the research process.

On this week’s episode, Edmund Brumaghin joins the show again to talk about a recent blog post on Salfram. This threat actor is spreading lots and lots of spam and using it to deliver a variety of malware. Here’s why this threat specifically caught our eye and how it’s evolving over time.

This week’s episode is actually an excerpt from our recently released roundtable on disinformation and American election security. This is a small part of our larger discussion on fake news, state-sponsored actors using fake social media accounts, and what can be done to combat the spread of disinformation. To see the whole thing, click here.

Talos intakes a ridiculous amount of information every day. So how do we parse what is and isn’t important enough to share? In this episode of Talos Takes, Amy Henderson from our Threat Intelligence and Interdiction team talks about our information-sharing partnerships with both private and public entities. How do we disseminate important information to our friends in the field? And why are security organizations like the Cyber Threat Alliance so important?

On this episode of Talos Takes, we talk all about attribution. Our guest, Martin Lee, recently co-authored a post on the hurdles government agencies and private researchers alike face when trying to place blame for a cyber attack. Martin talks about why we’re so obsessed with placing the blame, what false flags are and what helpful things can actually come from attributing a threat.

There are so many options now for basic web browsing. There are ad-blocking plugins, privacy browsers, incognito mode, password managers — but for the average user, this can be a lot to keep up with. In this episode of Talos Takes, we dissect all these options and talk about what your best options are to keep your information safe while doing some everyday web browsing.

Honeypots are an important part of threat research and detection. In this episode of Talos Takes, we talk to Christopher Evans, who is our resident honeypot expert at Talos. Chris talks about how he uses them every day, why they’re important to Talos’ overall mission and balancing the use of them with the potential for making attackers smarter.

This week’s Talos Takes episode is another malware deep dive. Edmund Brumaghin joins the show to talk about WastedLocker, a recent ransomware family he and some other Talos researchers reverse-engineered. Here’s everything you need to know about what makes this threat unique and how it uses LoLBins to survive.

LoLBins sound like they’d be funny, but they’re anything but. These “living-off-the-land binaries” make it so that attackers can more easily hide on your system as they disguise themselves as legitimate processes. On this episode of Talos Takes, Nick Biasini talks about what LoLBins are, exactly, how adversaries use them and how you can spot them on your environment.