Podcasts

Beers with Talos

Threats, Beers, and No Silver Bullets

Listen to Talos security experts as they bring their hot takes on current security topics and Talos research to the table. Along the way Hazel, Mitch, Matt and a rotating chair of special guests will talk about anything (and we mean anything) that's on their minds, from the latest YouTube trends to Olympic curling etiquette. New episodes every other Thursday.


Space Pirates, Living Off Trusted Services, & Bill Declares Food War

In this episode of Beers with Talos, Hazel, Bill, Dave and Joe are joined by Talos Security Research Engineer James Nutland to discuss Living Off Trusted Services (LOTS) - a growing technique where attackers use platforms such as GitHub, Google Drive, Microsoft services and Telegram for command and control, malware delivery and data exfiltration.

We explore why this trend is growing, how it differs from Living Off the Land (LOTL)....and Lord of the Rings (LOTR)....why trusted services create new detection challenges, and what defenders should be monitoring.

Also in this episode:

  • Data centers in space, when physics still has to physics.
  • A USA vs UK Independence Day food showdown.
  • Hazel faces another round of Make Hazel a Hacker.
  • A new Reason Not to Quit looks at the latest successes from Operation Endgame.
  • Bill gets his own corner.

Here's the LOTS project repository mentioned in the episode https://lots-project.com/

Talos Takes

Talos’ spin on security news

Every week, our host brings on a new guest from Talos or the broader Cisco Security world to break down a complicated security topic in just five or 10 minutes. We cover everything from breaking news to attacker trends and emerging threats.


ARToken: How attackers are bypassing MFA and maintaining access

MFA and password resets aren't always enough.

That’s terrifying for security teams today. In this episode of Talos Takes, we dive deep into ARToken, a sophisticated phishing-as-a-service platform that steals credentials, bypasses MFA entirely, and leverages primary refresh tokens (PRTs) to maintain persistence in your environment long after a password reset. This turns a simple phishing click into a long-term breach.

It’s time to rethink your defenses. Join us as Cisco Talos Threat Researcher Michael Kelley breaks down how this new breed of automated attack works and, more importantly, how you can spot it. From hunting for suspicious device authorization grants to securing your cloud infrastructure, don't miss this critical look at the new frontier of business email compromise. 

Blog: https://blog.talosintelligence.com/artoken-inside-an-eviltokens-affiliate-panel-targeting-microsoft-365/