

Breaking Badness
DomainTools
Where timely and relevant security meets puns and witty banter. Our goal is to keep defenders apprised of pertinent news and trends in under forty-five minutes.
Episodes

Jul 10, 2025 • 47min
Why DNS Is Still the Biggest Blind Spot in Threat Intelligence
In this episode, DomainTools' Daniel Schwalbe is joined by Renee Burton (Infoblox), Raymond Dijkxhoorn (Surbl), and Peter Lowe (FIRST.org) to unpack the inaugural DomainTools Intelligence Report and what it reveals about DNS-based threats in 2024. The panel digs into evolving detection challenges, the pitfalls of domain scoring, the growing complexity of threat actor behavior, and why industry collaboration continues to lag.
They explore topics like aging domains, TLD abuse, data sharing barriers, and the creative lengths bad actors go to avoid detection. Whether you're building threat intel tools or blocking domains at the edge, this conversation is a must-listen for anyone in DNS-based security.

Jul 3, 2025 • 17min
From Newsroom to Threat Room: Audra Streetman’s Journey into Cybersecurity
In this episode of Breaking Badness, Kali Fencl sits down with Audra Streetman, a former journalist turned threat intelligence analyst at Splunk. Audra shares her journey from local newsrooms to the frontlines of cybersecurity, detailing how her storytelling skills translate directly into threat research.
Audra walks us through how ransomware attacks like JBS Foods and the Accellion breach sparked her pivot into cyber. She dives deep into persistent threat tactics, such as file transfer appliance exploitation, the growing risk of cloud infrastructure attacks, and North Korean IT worker scams.
If you're a cybersecurity professional, a curious career switcher, or someone looking to stay ahead of threat actor trends, this episode delivers real insight with practical relevance.

Jun 26, 2025 • 24min
Exposing Your Attack Surface on Purpose: API Chaos, AI Risk, and Quantum Reality
The discussion delves into the speaker's journey from penetration testing to becoming a CISO, emphasizing API security challenges. It touches on complexities organizations face in multi-cloud environments. The rapid evolution of AI technology is scrutinized, with concerns over its misuse and geopolitical implications. The importance of adapting cybersecurity practices to manage evolving attack surfaces is highlighted, alongside proactive strategies for critical infrastructure. The need for effective communication and foundational practices in security is underscored.

Jun 18, 2025 • 40min
Zero-Knowledge Threats, Shadow AI, and the Future of Cyber Attribution
Join experts Yonatan Khen from Hunters, Tal Darsan, and Etay Maor from Cato Networks as they unpack the latest in cyber threats. They delve into AI-powered evasion tactics used by attackers, drawing lessons from notorious ransomware groups. Khen reveals key insights on a privilege escalation vulnerability in Google Workspace, shedding light on modern cloud attack vectors. The conversation also touches on the complexities of cyber attribution and the growing challenges posed by shadow AI, emphasizing the need for proactive security measures.

Jun 11, 2025 • 45min
Inside Ransomware’s Supply Chain: Attribution, Rebrands, and Affiliate Betrayal
In this RSA Conference 2025 special episode, we explore two critical frontiers shaping the future of cybersecurity.
First, Jon DiMaggio (Author of The Ransomware Diaries, Analyst1) breaks down the hidden supply chains behind ransomware gangs, including the economics of affiliate betrayal and the challenge of accurate attribution. He walks us through his methodology for identifying ransomware rebrands like BlackCat and RansomHub using evidence-based frameworks designed to eliminate human bias.
Then we’re joined by Matt Radolec (VP of Incident Response at Varonis), who brings a fresh perspective on talent development in cybersecurity. Drawing from his keynote "From Gamer to Leader", Matt argues that gamers possess untapped potential as cybersecurity professionals and it’s time to design leadership pipelines like quest lines.
From ransomware negotiations on underground forums to using AI-enhanced playbooks and transforming threat response teams into RPG-style guilds, this episode blends technical insight with cultural reflection.

Jun 4, 2025 • 1h 8min
Beyond the Perimeter: How Attackers Use Domains, Phishing & AI and How to Fight Back
Welcome to a special RSAC 2025 episode of the Breaking Badness Cybersecurity Podcast!
Today, we delve into the critical role of domains in modern cyber attacks. From sophisticated nation-state operations to AI-powered phishing kits and malicious browser extensions, domains are the foundational infrastructure for threat actors.
Host Kali Fencl is joined by four leading cybersecurity experts, Joe Slowik, Robert Duncan, John Fokker and Vivek Ramachandran, to break down how domains are weaponized and what organizations can do to defend themselves on this ever-evolving frontline.

May 28, 2025 • 23min
It Takes a Village to Secure AI
In this episode of Breaking Badness, we sit down with Raji Vannianathan, a cybersecurity leader at Microsoft driving the charge on AI security and safety. Raji shares her experience leading the team responsible for managing the end-to-end lifecycle of AI vulnerability disclosures, building proactive safety frameworks, and cultivating a global community of AI security researchers.
From developing Microsoft's AI Bug Bar to launching the "Guardians of AI Safety" Discord community, she brings both vision and practical strategies to a rapidly evolving field.
We discuss the shifting threat landscape as threat actors begin to leverage generative AI, the critical need for shared language and cross-functional collaboration, and how Microsoft is thinking about trust, transparency, and incident response in the AI era. If you’re navigating the challenges of AI risk, vulnerability coordination, or ethical deployment, this is an essential listen.

May 14, 2025 • 23min
Building Secure Campaigns and Better Humans: A Conversation with Mick Baccio
In this episode of Breaking Badness, Kali Fencl sits down with Mick Baccio, Global Security Advisor at Splunk and former CISO for Pete Buttigieg’s 2020 presidential campaign. Mick shares his journey from aspiring Navy nuclear engineer to leading security in some of the highest-stakes environments, including the White House.
They explore how threat intelligence, storytelling, and mentorship shape the future of cybersecurity. From his early days in government to his work on the Splunk SURGe team, Mick opens up about what it takes to build secure systems, stronger teams, and more empathetic leadership in cybersecurity.

May 7, 2025 • 22min
Hacking the Stage: John Donovan on RSAC, BSides SF, and the Human Side of Cybersecurity
In this episode of Breaking Badness, we sit down with John Donovan of ZEDEDA to unpack the lighter and more profound sides of cybersecurity’s biggest gatherings. From RSA’s unexpected baby goats and vendor booth antics to BSides San Francisco’s community-driven keynote stage, John shares personal stories, industry insights, and valuable advice on how newcomers and veterans alike can navigate events like RSA, BSides, and DEF CON. You’ll hear how he "hacked" his way onto the main stage, what it means to wear a “No Purchasing Authority” pin, and why protecting your mom from scams might be more urgent than defending your enterprise.

Apr 30, 2025 • 40min
Inside Morphing Meerkat and Proton66: How Cybercrime Is Getting Easier
In this episode of Breaking Badness, the crew investigates two escalating threats in the cybercrime ecosystem: the cleverly named phishing-as-a-service platform Morphing Meerkat, and the bulletproof hosting provider Proton66, a favorite among amateur cybercriminals.
First, they dig into how Morphing Meerkat uses DNS-over-HTTPS (DoH) and clever phishing kits to evade detection. Then, they shift focus to Proton66, a Russian-based bulletproof host that shelters a new generation of low-skill attackers, including a threat actor known as "Coquettte" with ties to the Horrid Hacking group.