The Defender's Advantage Podcast

Mandiant

The Defender’s Advantage Podcast explores the world of cyber security and Mandiant through three distinct tracks. Threat Trends: Listen twice a month as host Luke McNamara interviews guests on the latest in cyber security research, the cyber landscape, and the latest news from Mandiant. Frontline Stories: Listen to Kerry Matre monthly as she is joined by notable guests on the frontlines of cyber security, including Mandiant customers, security professionals, and executives. Skills Gap: Listen to Kevin Bordlemay each month for this series focusing on thoughts, ideas, and initiatives for narrowing the skills gap in cyber security.

  • 29 minutes 14 seconds
    How to Run an Effective Tabletop Exercise

    Mandiant Senior Consultant Alishia Hui joins host Luke McNamara to discuss all things tabletop exercise related. Alishia walks through the elements of a tabletop exercise, important preparatory steps, the success factors for a good exercise, and how organizations can implement lessons learned. 

    https://cloud.google.com/transform/the-empty-chair-guess-whos-missing-from-your-cybersecurity-tabletop-exercise

    https://www.mandiant.com/sites/default/files/2021-09/ds-tabletop-exercise-000005-2.pdf

    18 October 2024, 12:00 pm
  • 36 minutes 40 seconds
    Using LLMs to Analyze Windows Binaries

    Vicente Diaz, Threat Intelligence Strategist at VirusTotal, joins host Luke McNamara to discuss his research into using LLMs to analyze malware. Vicente covers how he used Gemini to analyze various Windows binaries, the use cases this could help address for security operations, technical challenges with de-obfuscation, and more.

    For more on this topic: https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html

    https://blog.virustotal.com/2024/04/analyzing-malware-in-binaries-and.html

    4 October 2024, 10:00 am
  • 27 minutes 20 seconds
    How Threat Actors Bypass Multi-Factor Authentication

    Josh Fleischer, Principal Security Analyst with Mandiant's Managed Defense organization, sits down with host Luke McNamara to discuss trends in MFA bypass and how threat actors are conducting adversary-in-the-middle (AiTM) attacks to gain access to targeted organizations. Josh walks through a case study of MFA bypass, how token theft occurs, the increasing amount of AiTM activity with more features being added to phishing kits, and more.

    26 September 2024, 1:00 pm
  • 23 minutes 58 seconds
    TAG's Work Tracking Commercial Surveillance Vendors

    Host Luke McNamara is joined by Clement Lecigne, security researcher at Google's Threat Analysis Group (TAG), to discuss his work tracking commercial surveillance vendors (CSVs). Clement dives into the history and evolution of the CSV industry, how these entities carry out operations against platforms like mobile, and how this problem connects to the rise in zero-day exploitation.

    For more on TAG's work on CSVs:
    https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/

    https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/

    https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/


    4 September 2024, 6:00 pm
  • 36 minutes 13 seconds
    What Iranian Threat Actors Have Been Up To This Year

    Mandiant APT Researcher Ofir Rozmann joins host Luke McNamara to discuss some notable Iranian cyber espionage actors and what they have been up to in 2024. Ofir covers campaigns from suspected IRGC-nexus actors such as APT42 and APT35-related clusters, as well as activity from TEMP.Zagros.  

    For more on this topic, please see:  

    https://blog.google/technology/safety-security/tool-of-first-resort-israel-hamas-war-in-cyber/

    https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations?e=48754805

    https://cloud.google.com/blog/topics/threat-intelligence/suspected-iranian-unc1549-targets-israel-middle-east?e=48754805


    25 July 2024, 11:00 am
  • 32 minutes
    Mandiant's Approach to Securely Using AI Solutions

    Mandiant Consultants Trisha Alexander, Muhammed Muneer, and Pat McCoy join host Luke McNamara to discuss Mandiant's recently launched services for securing AI. They discuss how organizations can proactively approach securing the implementation of AI workloads, red-team and test the security controls protecting generative AI models in production, and also employ AI within the security organization itself.

    For more, please see: https://cloud.google.com/security/solutions/mandiant-ai-consulting

    27 June 2024, 6:00 pm
  • 30 minutes 16 seconds
    Lessons Learned from Responding to Cloud Compromises

    Mandiant consultants Will Silverstone (Senior Consultant) and Omar ElAhdan (Principal Consultant) discuss their research into cloud compromise trends over 2023. They discuss living-off-the-land techniques in the cloud, the concept of the extended cloud attack surface, how organizations can better secure their identities, third-party cloud compromise trends, and more.

    Will and Omar's talk at Google Next: https://www.youtube.com/watch?v=Fg13kGsN9ok&t=2s


    3 June 2024, 6:00 pm
  • 29 minutes 54 seconds
    The ORB Networks

    Michael Raggi (Principal Analyst, Mandiant Intelligence) joins host Luke McNamara to discuss Mandiant's research into China-nexus threat actors using proxy networks known as “ORBs” (operational relay box networks). Michael discusses the anatomy and framework Mandiant developed to map out these proxy networks, how ORB networks like SPACEHOP are leveraged by China-nexus APTs, and what this all means for defenders. 

    For more, check out: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks

    Follow Michael on X at @aRtAGGI 

    22 May 2024, 1:00 pm
  • 27 minutes 47 seconds
    Investigations Into Zero-Day Exploitation of the Ivanti Connect Secure Appliances

    Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances. John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors. They also discuss the role a suspected Volt Typhoon cluster played in the follow-on exploitation, and share their thoughts on what else we might see from China-nexus zero-day exploitation of edge infrastructure this year.

    For more on this research, please check out: 

    Cutting Edge, Part 1: https://cloud.google.com/blog/topics/threat-intelligence/suspected-apt-targets-ivanti-zero-day
    Cutting Edge, Part 2: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitation
    Cutting Edge, Part 3: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-exploitation-persistence
    Cutting Edge, Part 4: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

    Follow John on X at  @Big_Bad_W0lf_
    Follow Tyler on X at @tylabs

    16 May 2024, 12:00 pm
  • 25 minutes 53 seconds
    M-Trends 2024 with Mandiant Consulting Vice President Jurgen Kutscher

    Jurgen Kutscher, Mandiant Vice President for Consulting, joins host Luke McNamara to discuss the findings of the M-Trends 2024 report.  Jurgen shares his perspective on the "By the Numbers" data, the theme of evasion of detection in this year's report, and how Mandiant consultants have been leveraging AI in purple and red teaming operations. 

    For more on the M-Trends 2024 report: http://cloud.google.com/security/m-trends

    29 April 2024, 5:00 pm
  • 40 minutes 54 seconds
    Assessing the State of Multifaceted Extortion Operations

    Kimberly Goody, Head of Mandiant's Cyber Crime Analysis team, and Jeremy Kennelly, Lead Analyst of the same team, join host Luke McNamara to break down the current state of ransomware and data theft extortion. Kimberly and Jeremy describe how 2023 differed from the activity they witnessed the year prior, how changes in the makeup of various groups have played out in the threat landscape, why certain sectors see more targeting, and more.

    11 April 2024, 10:00 am