

Microsoft Threat Intelligence Podcast
Microsoft
Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.
Episodes

Aug 27, 2025 • 44min
Live from Black Hat: Ransomware, Responsible Disclosure, and the Rise of AI
Tom Gallagher, VP of Engineering at Microsoft's Security Response Center, discusses the importance of responsible disclosure in cybersecurity and the exciting $5 million Zero Day Quest initiative. Eric Olson, Principal Security Researcher, dives into the explosive evolution of ransomware and social engineering tactics. He highlights the drastic reduction in ransomware dwell times to mere minutes and the emerging threat of AI-enhanced phishing attacks. Together, they emphasize the need for collaboration between researchers and security teams to combat these growing threats.

Aug 7, 2025 • 1h 18min
How Microsoft Stays Ahead of the World’s Most Dangerous Hackers
Aarti Borkar is the VP of Security at Microsoft, focusing on proactive measures, while Simeon Kakpovi tracks crime-based threat actors, and Andrew Rapp specializes in incident response. They discuss how legal tactics disrupt threat actors and the necessity of rehearsed incident response plans. Snow, co-founder of the Social Engineering Community Village at DEF CON, shares her unique journey from special effects to social engineering, emphasizing empathy and creativity as powerful tools in security testing. The conversation highlights the emotional toll on defenders and the evolving nature of cyber threats.

Jul 23, 2025 • 45min
Inside Microsoft’s Global Operation to Disrupt Lumma Stealer’s 2,300-Domain Malware Network
Richard Boscovich, Assistant General Counsel at Microsoft’s Digital Crimes Unit, and Derek Richardson, Principal Investigator at the same unit, dive into the impressive takedown of Lumma Stealer's vast malware network. They discuss innovative legal strategies like the RICO Act and the importance of global collaboration with partners such as Europol. The conversation reveals how Microsoft seized 2,300 domains to protect hundreds of thousands of victims and hints at a new era of persistent cybercrime disruption that may redefine cybersecurity operations.

Jul 9, 2025 • 1h 33min
Tips from Grifter and Lintile for Attending Hacker Summer Camp
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Grifter, the legendary Black Hat NOC lead, and Lintile, host of Hacker Jeopardy, to go behind the scenes of DEF CON and Black Hat. They unpack the chaos of managing the world’s most hostile networks, share advice for first-time attendees, and explore the vibrant hacker community that thrives on connection, contests, and lifelong friendships. The conversation also covers how to submit compelling CFP abstracts, why live events matter, and the controlled mayhem that defines Hacker Jeopardy each year in Las Vegas.
Heading to Black Hat? Join us at booth #2246 where we will be recording new episodes, and request to attend the VIP Mixer. We’ll also be hosting the BlueHat podcast, our friends from GitHub, and experts from our incident response team.
In this episode you’ll learn:
Why skipping talks at DEF CON to join contests and villages can be more valuable
Tips for crafting compelling CFP abstracts that stand out among 1,000+ submissions
The importance of connection and niche technical discussions in the hacker community
Some questions we ask:
What advice would you give to someone who has never been to DEF CON?
How does the team plan traps and misdirection in Hacker Jeopardy questions?
What do you think the community should focus on getting out of DEF CON?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Jun 25, 2025 • 41min
The Art and Science of Microsoft’s Red Team
Craig Nelson, leader of Microsoft’s elite Red Team and a veteran in simulating real-world attacks, shares pivotal insights on cybersecurity dynamics. He discusses how human behavior can influence security breaches and the importance of collaboration between red and blue teams. Craig explores the impact of AI on attacker tactics and stresses creative thinking in identifying vulnerabilities. He reflects on his journey from the ’90s hacker scene to navigating cloud security challenges, offering valuable advice for aspiring red teamers.

Jun 11, 2025 • 46min
A Peek Inside Microsoft’s Global Fight Against Cyber Threats
Recorded live at RSAC 2025, this special episode of the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo, brings together Jeremy Dallman from Microsoft Threat Intelligence and Steven Masada from Microsoft’s Digital Crimes Unit.
The panel explores the psychology and techniques behind nation-state and criminal cyber actors, how Microsoft innovatively uses legal and technical disruption to dismantle threats like Cobalt Strike and Storm-2139, and the growing trend of adversaries leveraging AI. From North Korean fake job interviews to China's critical infrastructure infiltration, this episode highlights how Microsoft is staying ahead of the curve—and sometimes even rewriting the playbook.
In this episode you’ll learn:
How targeting attacker techniques is more effective than chasing specific actors
The surprising ways threat actors use AI—for productivity, not just deepfakes
Why North Korean threat actors are building full-blown video games to drop malware
Some questions we ask:
What’s the role of Microsoft’s Digital Crimes Unit and how is it unique in the industry?
Why should cybersecurity professionals read legal indictments?
What impact did Microsoft’s legal actions have on tools like Cobalt Strike and Quakbot?
Resources:
View Jeremy Dallman on LinkedIn
View Steven Masada on LinkedIn
View Sherrod DeGrippo on LinkedIn
Bold action against fraud: Disrupting Storm-1152

May 28, 2025 • 32min
Call of the Cyber Duty (A Global Cyber Challenge)
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Henning Rauch to discuss Call of the Cyber Duty, a 42-hour global cybersecurity challenge hosted by Microsoft’s Kusto Detective Agency. The competition runs from 12:00 AM Coordinated Universal Time (UTC) on June 8, 2025, and ends at 12:00 AM UTC on June 18, 2025, at 10:00 AM UTC. Once a team member opens the first case, they have 42 hours to complete it. Participants will solve a series of investigative puzzles using Kusto Query Language (KQL); no prior Kusto experience is required.
This free, gamified threat-hunting experience is open to individuals and teams, with a $10,000 grand prize, an interactive mystery plot, and a Hall of Fame for the top solvers. Expect fun twists, real-world security skills, and even a surprise appearance by mentalist Lior Suchard or the illusive Professor Smoke!
Later in the episode, Sherrod is joined by security researchers Anna Seitz and Rebecca Light to explore two evolving cyber threats. Anna breaks down the unprecedented collaboration between Russian state-affiliated threat actors Aqua Blizzard and Secret Blizzard, who are combining efforts to target Ukrainian military systems. Rebecca dives into the resurgence of DarkGate malware—this time delivered through a deceptive technique called ClickFix, which uses fake CAPTCHA-like prompts to trick users into activating malicious payloads.
In this episode you’ll learn:
What Kauzar V2 malware is and how it enables long-term remote access and data theft
How Russian threat groups Aqua Blizzard and Secret Blizzard are collaborating
Why DarkGate malware remains relevant thanks to its adaptability and evasion tactics
Some questions we ask:
Are Russian threat actors adopting cybercriminal tactics like initial access brokers?
How does Kauzar V2 malware function, and why is it significant in this campaign?
What is ClickFix, and how does it differ from typical malware delivery methods?
Resources:
View Henning Rauch on LinkedIn
View Rebecca Light on LinkedIn
View Anna Seitz on LinkedIn
View Sherrod DeGrippo on LinkedIn
🕵️‍♀️ Register for the challenge (free!) https://detective.kusto.io/register
🎬 Official trailer featuring Lior Suchard https://youtu.be/sPmTX0ZrnE
🌐 Event homepage (info hub) https://detective.kusto.io

May 14, 2025 • 41min
BadPilot: Inside Seashell Blizzard’s (AKA Sandworm) Global Cyber Espionage Campaign
Security researchers Anna Seitz and Megan Stalling from Microsoft dive deep into the BadPilot Campaign, revealing its ties to the notorious Seashell Blizzard group. They discuss how this subgroup targets industrial control systems using sneaky tactics like fake Zoom links to lure victims. The conversation highlights the importance of network detection in countering these evolving threats and explores the sophisticated social engineering techniques employed by North Korean hackers. This insightful dialogue uncovers the fascinating intersection of cyber espionage and technological adaptation.

Apr 30, 2025 • 41min
Inside THOR Collective, a Dispersed Team Delivering Open-Source Research
Jamie Williams, a Threat Intelligence Researcher at Unit 42, joins Lauren Proehl, Global Head of Detection and Response at Marsh McLennan, to explore the innovative THOR Collective. They discuss the growing trend of social engineering scams and the importance of humor in InfoSec culture. The duo emphasizes making cybersecurity topics approachable and the value of engaging content in educating the community. They also touch on the role of AI in security and the rise of 'vibe coders,' highlighting the need for responsible tech use and collaboration in tackling cyber threats.

Apr 16, 2025 • 39min
Star Blizzard Shifts Tactics to Spear-Phishing on WhatsApp
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Sarah Pfabe to dive into the activities of the Russian-aligned threat actor, Star Blizzard. Active since 2022, Star Blizzard recently shifted tactics by using WhatsApp for spear-phishing campaigns targeting government officials, NGOs, and academics. The team discusses how this change in approach may be a response to previous exposure of their tactics. They also explore the resilience of Star Blizzard, highlighting Microsoft's disruption of their operations, including the seizure of domains, and the ongoing threat posed by this actor despite legal actions.
In this episode you’ll learn:
Why threat actors like Star Blizzard are highly resilient and quickly adapting
What steps users take to avoid falling victim to mobile malware
Challenges of monitoring WhatsApp activity and why this platform has become a target
Some questions we ask:
What role do QR codes play in Star Blizzard’s phishing campaigns?
Why do you think phishing continues to be the number one access vector?
How resilient is Star Blizzard when facing disruptions like domain seizures or legal actions?
Resources:
View Sarah Pfabe on LinkedIn
View Anna Seitz on LinkedIn
View Sherrod DeGrippo on LinkedIn