The Cybersecurity Defenders Podcast

A hosted panel discussion with industry leaders to explore the advantages of the SecOps Cloud Platform for product builders.The panel is moderated by LimaCharlie's Head of Product, Ross Haleliuk. The panel participants are:Founder & CTO of Recon InfoSec, Eric CapuanoLead Incident Detection Engineer at Blumira, Amanda BerlinWhat is the SecOps Cloud Platform?The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.The SecOps Cloud Platform is:An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors to build appropriate solutions.The SecOps Cloud Platform is not where data goes to die—it’s a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The return of the Racoon Stealer after temporarily being disrupted.EclecticIQ, analysts have assessed with high-confidence two observed PDF documents that are part of an ongoing campaign targeting Ministries of Foreign Affairs of NATO aligned countries.MalwareBytes is following up on a tech support scam campaign dubbed WoofLocker.The threat research team at BlackBerry has discovered and documented new tools used by the Cuba ransomware threat group.SentinelOne are reporting a new iteration of the XLoader malware-as-a-service infostealer and botnet .The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast, we chat with John Hammond, Principal Security Researcher at Huntress, about security research.John Hammond is a cybersecurity researcher, educator and content creator. As part of the Threat Operations team at Huntress, John spends his days making hackers earn their access and helping tell the story. Previously, as a Department of Defense Cyber Training Academy instructor, he taught the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset. He has developed training material and information security challenges for events such as PicoCTF and competitions at DEFCON US. John speaks at security conferences such as BsidesNoVA, to students at colleges such as the US Naval Academy, and other online events including the SANS Holiday Hack Challenge/KringleCon. He is an online YouTube personality showcasing programming tutorials, CTF video walkthroughs and other cyber security content. John currently holds the following certifications: Security+, CEH, LFS, eJPT, eCPPT, PNPT, PCAP, OSWP, OSCP, OSCE, OSWE, OSEP, and OSED (OSCE(3)).The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast, we chat with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie, about the SecOps Cloud Platform.The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.The SecOps Cloud Platform is:An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors to build appropriate solutions.The SecOps Cloud Platform is not where data goes to die—it’s a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus – Russia’s close ally – took down 70 websites belonging to the Ukrainian government. This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, and expect the worst.”The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A new injector written in Rust is used to inject shellcode and introduce XWorm into a victim’s environment.Multiple cases where the SugarCRM was the initial attack vector and allowed threat actors to gain access to AWS accounts.Statc Stealer is a sophisticated malware that infects devices powered by Windows, gains access to computer systems and steals sensitive information.Patrick Wardle's research says that macOS's Background Task Manager can be easily bypassed and that Apple failed to act on his recommendations to fix it.CISA are reporting on the Seaspy and Whirlpool backdoors after obtaining malware samples from a compromised device.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast, we chat with David Burkett, Founder of Signalblur, about the growing threat of Linux ransomware.David is a dedicated and highly experienced Cloud Detection Engineer and Security Architect, with a proven track record of building three different Cyber Security Operations Centers for multiple MSSP/MDR providers.His expertise is backed by a strong set of GIAC certifications, including GCTI, GCIA, GPYC, and GCED... among others. David is proud to have been part of a security team that won the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award from the Defense Counterintelligence and Security Agency. David is constantly seeking opportunities to grow and learn and is eager to connect with like-minded professionals in the cybersecurity domain. The article on Linux ransomware referenced in the podcast can be found here: A Deep Dive into Linux Ransomware ResearchAnd David's previous appearance on the show can be found here: Episode #6The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast we host a panel discussion with industry leaders and explore the advantages of the SecOps Cloud Platform for securing enterprise organizations.The panel is moderated by LimaCharlie's Chief Revenue Officer, Jessica Crytzer. The panel participants are:Founder & CEO of LimaCharlie, Maxime Lamothe-BrassardFounder & CEO of Turngate, Bruce Potter Head of Product, Interpres Security, Fred WilmotPrincipal Consultant at Higgins Cybersecurity Consulting, Sean HigginsWhat is the SecOps Cloud Platform?The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.The SecOps Cloud Platform is:An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors to build appropriate solutions.The SecOps Cloud Platform is not where data goes to die—it’s a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Decoy Dog is a malware toolkit that cleverly uses DNS to perform command and control.Breaking down the infection chain for Casbaneiro, another banking trojan targeting Latin America.An initial-access malware campaign that leverages malicious advertising - or malvertising - to impersonate legitimate software and compromise business networks.The VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques.Trellix Advanced Research Center who have identified a novel method for exploiting the ‘search-ms” protocol handler.The source code of the BlackLotus Unified Extensible Firmware Interface - or UEFI - rootkit was leaked on GitHub.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast, we chat with David Seidman, Head of Detection & Response at Robinhood, about building high-performance teams.David manages the Detection & Response team at Robinhood,  and is responsible for detection, incident response, and D&R infrastructure. Robinhood's Platform team develops the "pipes and engines": log ETL, transport, data lake, Splunk, SIEM, SOAR, experimental tech, etc. Robinhood emphasizes engineering excellence and agility - they are moving fast and getting a lot done. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.