

Stopping The Bad Things - Rob Allen - PSW #857
Jan 16, 2025
Rob from ThreatLocker discusses strategies for disrupting attacker techniques such as privilege escalation, including zero trust. The conversation highlights the security risks of unmanaged devices, particularly home networks full of unpatched smart gadgets. Humorous anecdotes from events like ShmooCon capture the camaraderie of the hacking community. The episode also covers the importance of logging, automation in threat detection, and the vulnerabilities posed by outdated technology, while reflecting on the need for continuous improvement in cybersecurity practices.
AI Snips
Privilege Misuse Causes Risk
- Rob Allen shared a story in which users held local administrator rights they did not need, creating security risk.
- A customer removed those admin rights and used ThreatLocker to elevate only the essential programs, safely.
Assume Breach to Contain Damage
- Assume attackers already have admin access and limit what they can do.
- Making an environment hostile forces attackers to either be detected or move on to easier targets.
Automate Attack Detection
- Use automated tools like ThreatLocker Detect to sift through activity logs and identify anomalies.
- Set alerts for suspicious software use, such as remote access tools, to catch early signs of compromise.