Listen to Talos security experts as they dive into emerging threats, forcing the bad guys to innovate, hacking refrigerators, and other security issues, all with beer.

  • Beers With Talos : Episode 64
    2019-10-25

    Your Problem Isn’t Complex, Its Simply Complexity

    Recorded 10/10/19 - This EP lives up to it’s name, by trying to only take on a minimal topic and then becoming completely convoluted. We start of with an extended round table (I even cut like half of it out) and then start talking about the trials and tribulations of making things too complex - from software to network design. If the devil is in the details, then the danger is in there being too many of them. We take two simple examples - PDF readers and a trip to the doctors office - and look at how the complexity jammed into the tech around these two things is where things become disturbingly dangerous.

    Full show notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 56:29

    Keywords
    • talos
    • security
    • complexity
    • vulnerability
    • encryption
    • data

  • Beers With Talos : Episode 63
    2019-10-11

    The Third Law of Thermodynamics

    Recorded 9/27/19 - We are down Matt and Joel today, so Mitch, Craig, and Nigel are taking you through this EP. We cover some recent posts from Talos with Divergent and Tortoiseshell. Turns out, people get a bit excited when you target US veterans with malware - even other malware authors thinks that’s scummy. That takes us into a chat about social engineering in general and we end up talking about some interesting stuff with unpatchable vulns and why deleting /var on install could be described as a bad idea for a Chrome update.

    Full show notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig and Nigel Houghton@EnglishLFC
    Download
    Run Time: 57:24

    Keywords
    • talos
    • security
    • social engineering
    • Divergent
    • Tortoiseshell
    • VPN

  • Beers With Talos : Episode 62
    2019-09-26

    Fifty Shades of Shady

    Recorded 9/13/19 - In one of our rantier episodes of late, the BWT crew dives into the ongoing insidiousness that is cryptomining with Watchbog, and then we turn our attention to some idiot that thinks charging people $50 to bypass MFA on their own machines is a swell idea, because nothing bad can happen there, right? RIGHT?! Finally, we take a look at some recent breaches and the trend of attempting to downplay the severity of a breach because the data ex-fil wasn’t “vital or important”. Again, what can go wrong with that line of thinking? This is fine. Everything is just fine. Security is solved, we can go home now. Full show notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 54:01

    Keywords
    • talos
    • security
    • watchbog
    • exfil
    • MFA
    • 2FA
    • breach

  • Beers With Talos : Episode 61
    2019-09-11

    Hacking for Good is a Bad Idea

    Recorded 8/30/19 - In this extra-sized EP, we cover a lot - starting with Retadup, and discussing the intricate workings of why it’s a bead idea to execute code on other computers without permission when you have no idea what that computer is doing. WannaCry is making some headlines again, but this time it isn’t WannaCry and frankly it’s not news. From the mobile ecosystem os battleground, Google’s Project0 announced several vulns in iOS that have been discovered being exploited in the wild, with some of the exploit chains leveraging 0-day. Most important development of the week is that journalists are now quoting Matt of his Twitter timeline and this is certain to end well. Full show notes available on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:07:42

    Keywords
    • talos
    • security
    • retadup
    • wanna cry
    • avast
    • 0-day
    • project0

  • Beers With Talos : Episode 60
    2019-08-30

    Summer Camp Flashbacks and Defining Your Intel

    Recorded 8/16/19 - The understatement of the day would be the guys were in some kind of mood today… There is no explaining the way they are sometimes. We ended up discussing a lot of the awesome things that went on at Blackhat and DEFCON… like the time Matt and Mitch got ejected from the Aviation Village for recognizing the prowess of the greatest plane ever built. BRRRRRRT. And also the time Joel ejected himself from the Cisco party. Deeper in the EP we get into threat intelligence – what is it, how to find the intel you need, and how to leverage it to create value. Full show notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:09:40

    Keywords
    • talos
    • security
    • threat intelligence
    • summer camp
    • defcon
    • balckhat

  • Beers With Talos : Episode 59
    2019-08-16

    The Tardy Episode

    Recorded 8/2/19 - Yes, I know what today’s date is. We got really busy last week and I am sorry that the podcast is late. Really, I wish I wasn’t writing these notes at 12:#0r4-j3pofw…. What? Anyway, we talk about malvertising and dig into that ecosystem a bit looking at some of the competing priorities (hint: none of them are your privacy). We also discuss BlueKeep making its debut in Canvas and surely soon to follow in other fine pen testing platforms. We use that opportunity to review a little bit of RDP knowledge and defense. We’re recording again tomorrow and I really don’t want to hear what my co-hosts will say if this isn’t out by then, so I’m going to go hit publish now. Full show notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 53:13

    Keywords
    • talos
    • security
    • malvertising
    • bluekeep

  • Beers With Talos : Episode 58
    2019-07-24

    Defending Democracy and Doing DEFCON

    Recorded 7/19/19 - Wow, we packed a lot in this one: election security, burner phones, social app ToS, and maybe the worst opsec of all time - of course, Nigel blames Canada for all of it. Fair warning, this EP set a new record for beeps and train horns, so you have been warned. We primarily take a look at how an attacker would see disrupting democracy (and not in the cool startup way) by looking at the available attack surface with their intentions in mind. We also lay out some cases where burner devices make sense and where they might not. We close up with some helpful tips to enjoy a massive con like BlackHat or DEFCON. But seriously, that was a lot of beeps. Full show notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:12:50

    Keywords
    • talos
    • security
    • election security
    • DEFCON
    • burner
    • conference

  • Beers With Talos : Episode 57
    2019-07-18

    It’s a Business Decision, Not Rocket Science

    Recorded 7/8/19 - Matt skipped today’s podcast in favor of a meeting - for real. The rest of the crew carried on to discuss a few of this week’s hot button issues - municipalities paying (or not paying) the ransom, NASA JPL reporting APT breached their network via a rouge Pi (in true Mr. Robot fashion), and looking at rouge devices in general. Next EP will be our last before Black Hat and DEFCON, so tune in to find out where you can find Talos! Full show notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 53:56

    Keywords
    • Talos
    • security
    • rouge device
    • NASA
    • ransomware

  • Beers With Talos : Episode 56
    2019-07-03

    Flatlined: Breach to Bankrupt

    Recorded 6/24/19 - Back in the studio for EP 56 and off the top, Matt got some new toy for his side hustle as a Twitch star - I still can’t figure out exactly how he did what he did, but it was not helpful from a producer’s perspective. It’s repaired, but still enough to apologize for. This is why we can’t have nice things. We discuss the issues around the AMCA data heist - a breach that caused a bankruptcy - and the complexity of securely moving sensitive data, like PII and HIPAA data, to the cloud. As we get deeper, we end up discussing the issues inherent in medical data - namely, its sensitivity and data security issues so systemic in nature that not even HIPAA can help.

    Full notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 44:33

    Keywords
    • talos
    • security
    • medical data
    • AMCA
    • HIPAA

  • Beers With Talos : Episode 55
    2019-06-25

    BWT Live from San Diego!

    Recorded 6/12/19 - God knows why, but we bring you another live EP from the Talos Threat Research Summit at Cisco Live US in San Diego, CA. We are joined by TTRS keynote speaker (as is tradition) Liz Wharton. Catch the highlights of the show and stick around for hot takes from the live audience. Thanks to everyone who showed up to the recording, especially those brave enough to step up to the mic at the end. This is our annual reminder of why we don’t do this more often.

    Full show notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Special Guest:
    Liz Wharton@LawyerLiz
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 57:57

    Keywords
    • talos
    • security
    • TTRS
    • San Diego
    • Live

  • Beers With Talos : Episode 54
    2019-05-29

    Patch After Listening, RDP and Wild 0-days

    Recorded 5/24/19 - There is another Blue(x) to talk about and guess what? YES, YOU STILL NEED TO PATCH. We talk about RDP, the source of this vuln, and whether or not exploits exist for it (hint: they do). There is a quick look back at last year on the anniversary of VPNFilter, and we also tackle 0-days again through the lens of Project Zero’s timeline of 0-days found in the wild.

    Also, Craig hasn’t seen the end of John Wick 3 yet, so feel free to tweet him spoilers. If you are in San Diego for Cisco Live, come find us to see a live recording of the podcast!

    Full show notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 53:57

    Keywords
    • talos
    • security
    • RDP
    • 0-day
    • zero day
    • BlueKeep

  • Beers With Talos : Episode 53
    2019-05-21

    Shiny Happy Election Security (And Ninjas)

    Recorded 5/10/19 - Election security has been a dominant headline for some time, so it’s high time we take a look at what that landscape looks like - where we are today, and how we got there in the first place (hint: there were deeper unintended consequences than Shiny Happy People on REM’s “Out of Time” album). We anticipate gathering some first-time listeners due to the topic of this podcast… to you we say welcome - and yes, it’s always like this. Matt kicks us off today discussing the greatest nerd rock band of all time - Ninja Sex Party. If you haven’t heard of them, you are in the wrong and should fix that quickly. Full show notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:00:53

    Keywords
    • talos
    • security
    • election security
    • voting
    • ninja sex party

  • Beers With Talos : Episode 52
    2019-04-30

    I Don’t Trust You Because I Care

    Recorded 4/26/19 - Since Craig decided to skip the podcast today, we decided to invite one of Austin’s top actual security experts, Wendy Nather, to stop by. After Mitch is done being a fanboy, Wendy breaks down zero-trust, beyond the marketing story of a world without a perimeter. We spend most of the time discussing what zero trust looks like as security model and how it can be implemented in the real world. We also dive into usability and “good enough” security. Full show notes available on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Special Guest:
    Wendy Nather@wendynather
    Featuring:
    Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 59:19

    Keywords
    • talos
    • security
    • zero trust
    • mfa
    • wendy nather

  • Beers With Talos : Episode 51
    2019-04-17

    Sea Turtles Yeeting Packets

    Recorded 4/12/19 - Today we rip through a few other things to spend most of our time discussing Sea Turtle - the latest DNS hijacking campaign uncovered by Talos. Also, Joel causes the biggest blockchain outburst in some time. Special thanks for today’s podcast goes to Danny Adamantis, Talos researcher on the Sea Turtle campaign. Danny was going to be with us today, but experienced some technical issues that prevented that from happening. RIP Danny’s mic 4-12-19. Full show notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:01:19

    Keywords
    • talos
    • security
    • DNS
    • hijacking
    • sea turtle

  • Beers With Talos : Episode 50
    2019-04-05

    Operating Under the Cover of… Nothing

    Recorded 3/29/19 - Matt and Joel are both on the road this week, and Omar Santos from Cisco PSIRT joins the crew to discuss malware posing as ransomware and defending against supply chain attacks. We go deeper on the Talos story exposing criminal groups operating in the open on social media platforms like Facebook - and the implications of criminal groups leveraging social networking. Facebook has removed the disclosed groups, so we discuss the best-effort ways to play whack-a-mole with bad guys on the open web. Full show notes on the Talos blog

    Hosted By:
    Mitch Neff@MitchNeff
    Special Guest:
    Omar Santos@santosomar
    Featuring:
    Craig Williams@security_craig and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:00:20

    Keywords
    • talos
    • security
    • supply chain
    • facebook
    • asus