The Defender’s Advantage Podcast explores the world of cyber security and Mandiant through three distinct tracks. Threat Trends: Listen twice a month as host Lu...
Jibran Ilyas (Consulting Leader, Mandiant Consulting) joins host Luke McNamara to discuss remediation as part of incident response. Jibran covers various scenarios (espionage and ransomware) and how they may differ in approaching remediation, how types of architecture could shape remediation efforts, non-technical components of the remediation phase, and more.
--------
40:59
How to Run an Effective Tabletop Exercise
Mandiant Senior Consultant Alishia Hui joins host Luke McNamara to discuss all things tabletop exercise related. Alishia walks through the elements of a tabletop exercise, important preparatory steps, the success factors for a good exercise, and how organizations can implement lessons learned. https://cloud.google.com/transform/the-empty-chair-guess-whos-missing-from-your-cybersecurity-tabletop-exercisehttps://www.mandiant.com/sites/default/files/2021-09/ds-tabletop-exercise-000005-2.pdf
--------
29:14
Using LLMs to Analyze Windows Binaries
Vicente Diaz, Threat Intelligence Strategist at VirusTotal, joins host Luke McNamara to discuss his research into using LLMs to analyze malware. Vicente covers how he used Gemini to analyze various windows binaries, the use cases this could help address for security operations, technical challenges with de-obfuscation, and more.For more on this topic: https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.htmlhttps://blog.virustotal.com/2024/04/analyzing-malware-in-binaries-and.html
--------
36:40
How Threat Actors Bypass Multi-Factor Authentication
Josh Fleischer, Principal Security Analyst with Mandiant's Managed Defense organization sits down with host Luke McNamara to discuss trends in MFA bypass and how threat actors are conducting adversary in the middle (AiTM) attacks to gain access to targeted organizations. Josh walks through a case study of MFA bypass, how token theft occurs, the increasing amount of AiTM activity with more features being added to phishing kits, and more.
--------
27:20
TAG's Work Tracking Commercial Surveillance Vendors
Host Luke McNamara is joined by Clement Lecigne, security researcher at Google's Threat Analysis Group (TAG) to discuss his work tracking commercial surveillance vendors (CSVs). Clement dives into the history and evolution of the CSV industry, how these entities carry out operations against platforms like mobile, and the nexus of this problem into the increasing rise of zero-day exploitation. For more on TAG's work on CSVs:https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/
The Defender’s Advantage Podcast explores the world of cyber security and Mandiant through three distinct tracks. Threat Trends: Listen twice a month as host Luke McNamara interviews guests on the latest in cyber security research, the cyber landscape, and the latest news from Mandiant. Frontline Stories: Listen to Kerry Matre monthly as she is joined by notable guests on the frontlines of cyber security, including Mandiant customers, security professionals, and executives. Skills Gap: Listen to Kevin Bordlemay each month for this series focusing on thoughts, ideas, and initiatives for narrowing the skills gap in cyber security.