The Defender's Advantage Podcast

Nick Guttilla and Emily Astranova, from Mandiant Consulting's Offensive Security team, join host Luke McNamara for an episode on voice-based phishing, or "vishing." Nick and Emily cover their respective blogs and experiences, diving into how they employ vishing techniques to social engineer organizations--both organically and using AI-powered voice cloning to mimic specific employees--during red team engagements.  https://cloud.google.com/blog/topics/threat-intelligence/technical-analysis-vishing-threats?e=48754805https://cloud.google.com/blog/topics/threat-intelligence/ai-powered-voice-spoofing-vishing-attacks?e=48754805.

JP Glab (Mandiant Consulting) joins host Luke to discuss responding to activity from North Korean IT workers. He walks through what initially triggered the investigation at this organization, how it progressed in parallel with an HR investigation, and ultimately what was discovered. For more on the DPRK IT workers and trends in incident response, check out Mandiant's 2025 M-Trends report. https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025

Matt Lin (Senior Incident Response Consultant, Mandiant) and Daniel Spicer (Chief Security Officer, Ivanti) dive into the research and response of UNC5221's campaigns against Ivanti. They cover how this threat actor has evolved from earlier campaigns, the continued focus of edge infrastructure by APT actors, and the shared responsibility of security in mitigating threats like this. https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerabilityhttps://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-dayhttps://www.ivanti.com/blog/an-update-on-ivantis-ongoing-commitment-to-enhanced-product-securityhttps://www.ivanti.com/resources/secure-by-design/2024https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends?e=48754805

Host Luke McNamara is joined by GTIG Senior Security Researcher Rohit Nambiar to discuss Rohit's recent blog on some interesting usage of RDP by UNC5837. Rohit covers the discovery of the campaign, and the novel functionalities they were using to likely support cyber espionage goals. He delves into these findings and the usage of RemoteApps and victim file mapping via RDP, and closes with some of the mysteries that remain about this activity. https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol

Imran Ahmad, Senior Partner and Canadian Co-Head of Cybersecurity at Norton Rose Fulbright, dives into the shifting landscape of cyber risk management. He emphasizes the imperatives of proactive training before breaches and how ransomware has altered boardroom discussions. Ahmad discusses the growing importance of educating executives on cybersecurity strategies and the rise of threats like AI-driven corporate espionage. He also addresses how organizations must adapt to sophisticated threats, stressing the need for collaboration among legal and technical teams.

Kelli Vanderlee, Kate Morgan, and Jamie Collier join host Luke McNamara to discuss trends that are top of mind for them in tracking emergent threats this year, from nation state intrusions to financially motivated ransomware campaigns. https://cloud.google.com/security/resources/cybersecurity-forecasthttps://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat

Dan Black, Principal Analyst at the Google Threat Intelligence Group, dives into the chilling world of Russia-aligned cyber threats, particularly focusing on Signal Messenger. He explains the shift in Russian cyber tactics from civilian targets to military priorities, highlighting their use of espionage. Black discusses how Ukrainian forces rely on encrypted apps amid rising threats like malware and phishing. He also shares essential cybersecurity practices for users to protect themselves, emphasizing the importance of vigilance in the evolving digital battlefield.

Steph Hay (Senior Director for Gemini Product and UX, Google Cloud Security) joins host Luke McNamara to discuss agentic AI and its implications for security disciplines. Steph walks through how generative AI is already impacting the finding of threats, reduction of toil, and the scaling up of workforce talent, before discussing how agents will increasingly play a role in operationalizing security. Steph details how this automation of processes, with humans in the loop, can increase the capabilities of an enterprise in cyber defense. 

Jibran Ilyas (Consulting Leader, Mandiant Consulting) joins host Luke McNamara to discuss remediation as part of incident response. Jibran covers various scenarios (espionage and ransomware) and how they may differ in approaching remediation, how types of architecture could shape remediation efforts, non-technical components of the remediation phase, and more. 

Mandiant Senior Consultant Alishia Hui joins host Luke McNamara to discuss all things tabletop exercise related. Alishia walks through the elements of a tabletop exercise, important preparatory steps, the success factors for a good exercise, and how organizations can implement lessons learned. https://cloud.google.com/transform/the-empty-chair-guess-whos-missing-from-your-cybersecurity-tabletop-exercisehttps://www.mandiant.com/sites/default/files/2021-09/ds-tabletop-exercise-000005-2.pdf