Jason Haddix, founder of Arcanum Security and CISO at Flare, discusses his transition from gaming to cybersecurity. He highlights Flare's innovative threat intelligence approach that detects compromised credentials on the dark web, tackling advanced malware techniques like RedLine Stealer. Jason also shares insights on the pervasive challenges of credential theft, emphasizing the importance of robust exposure management. His journey of founding Arcanum and its focus on security training, alongside AI's role in enhancing cybersecurity strategies, makes for a captivating conversation.
30:11
forum Ask episode
web_stories AI Snips
view_agenda Chapters
menu_book Books
auto_awesome Transcript
info_circle Episode notes
question_answer ANECDOTE
Flare's Red Team Success
Jason Haddix found Flare's credentials to be significantly more effective than other vendors in red team tests.
Five out of his last six engagements in 2023 were successful due to Flare's data from the dark web and Telegram.
insights INSIGHT
Shifting Adversary Tactics
Adversaries prioritize easily obtainable credentials from the dark web before resorting to traditional hacking methods.
This shift in tactics necessitates tools like Flare, which monitors these sources for compromised data.
insights INSIGHT
Cookie-Based 2FA Bypass
Stolen cookies bypass 2FA, granting unauthorized access.
Cookies provide persistent authentication, eliminating the need for repeated password entry.
Get the Snipd Podcast app to discover more snips from this episode
The Name of the Wind is a heroic fantasy novel that tells the life story of Kvothe, an infamous adventurer and musician. The story is presented in a 'story-within-a-story' format, where Kvothe recounts his life to a scribe named Chronicler. The narrative spans from Kvothe's childhood in a troupe of traveling performers to his years as a student at a prestigious school of magic, and through various trials and hardships. The book is renowned for its vivid world-building, rich dialogue, and the emotional depth of its characters[2][4][5].
In this conversation, I speak with Jason Haddix, founder of Arcanum Security and CISO at Flare.
We talk about:
Flare's Unique Approach to Threat Intelligence: How Flare's capability to uncover compromised credentials and cookies from the dark web and private forums has been crucial in red team engagements.
Challenges of Credential Theft and Advanced Malware Techniques: How adversaries utilize tools like the RedLine Stealer malware to gather credentials, cookies, and other sensitive information, and this stolen data enables attackers to bypass authentication protocols, emphasizing the need for comprehensive exposure management.
Jason's Journey To Founding Arcanum & Arcanum's Security Training Programs: How Jason now advises on product development and threat intelligence as Flare's CISO and his journey to fund Arcanum, a company focused on red teaming and cybersecurity, and Arcanum's specialized training programs focusing on offensive security and using AI in security roles.
And more
Introduction to the Podcast (00:00:00) Guest Excitement on Podcast (00:00:20) Jason's New Business and Flare Role (00:00:24) Career Shift from Ubisoft to Red Teaming (00:01:02) Evolution of Adversary Tactics (00:02:04) Flare's Credential Exposure Management (00:02:58) Synergy Between Arcanum and Flare(00:03:55) Dark Web Credential Compromise (00:04:45) Challenges with Two-Factor Authentication (00:06:25) Cookie Theft and Unauthorized Access (00:07:39) Redline Malware and Its Impact (00:08:12) Flare's Research Capabilities (00:09:50) Potential for Advanced Malware Detection (00:11:40) Expansion of Threat Intelligence Services (00:12:15) Vision for a Unified Security Dashboard (00:13:25) Integrating Threat Intelligence with Identity Management (00:14:00) Credential Update Notifications via API (00:15:54) Automated Credential Management Potential (00:17:28) AI Features in Security Platforms (00:17:32) Exploration of Automated Security Responses (00:18:38) Introduction to Arcanum Security (00:19:25) Overview of Arcanum Training Courses (00:20:25) Necessity for Up-to-Date Training (00:22:15) Guest Experts in Training Sessions (00:23:08) Upcoming Features for Flare (00:25:11) Integrating Vulnerability Management (00:28:08) Accessing Flare's Free Trial (00:28:25) Learning More About Arcanum (00:29:09)
Unsupervised Learning 