Listen to Talos security experts as they dive into emerging threats, forcing the bad guys to innovate, hacking refrigerators, and other security issues, all with beer.

  • Beers With Talos : Episode 27
    2018-04-20

    Smart Install, Vuln Process Realities, and Professional Wrestling

    Recorded 4/13/18 - We just upgraded all our gear, so naturally we had a straight tech meltdown this week and we saved it the best we could. Matt will sound way better next week. Promise. We cover Smart Installer. Again. But that leads down a discussion of security versus convenience that leads to us discussing the process of vuln disclosure - how vendor discussions, release dates, and policies work in the real world. Seriously, we grounded Matt’s computer for misbehaving with the audio.

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 51:07

    Keywords
    • Security
    • threat intel
    • smart install
    • vulnerability discovery
    • talos threat summit

  • Beers With Talos : Episode 26
    2018-04-06

    Talos is Holding a Conference, and the Evolving Battle at the Edge

    Recorded 3/29/18 - Joel is sitting out this week and Bill Largent from the Outreach team fills in. We are pretty sure he was just wrong late trying to live on Joel Mean Time, which is now a GitHub project thanks to Moses (link below). We cover a wide range in this episode, so stay with us! We chat about the Talos Threat Research Summit coming in June, we wonder where the carrots to match the sticks in security are, and the value of finding your own damn vulns. The last part of the show starts with discussing GoScanSSH which ends up being a discussion on the larger battle for the edge.

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Matt Olney@kpyke, Nigel Houghton@EnglishLFC, and William Largent@security_will
    Download
    Run Time: 1:04:13

    Keywords
    • talos
    • threat research summit
    • goscanssh
    • security
    • vulnerability research

  • Beers With Talos : Episode 25
    2018-03-20

    WE’LL DO IT LIVE!!

    Recorded 3/13/18 - LIVE from San Jose, CA.
    First of all - we still have a podcast and jobs, so ostensibly, we did okay hosting the meeting event we talked about last time. There may have even been an award involved, just sayin’. Since we were all in one place together and we didn’t get fired, we decided to do our podcast live after the meeting for an audience. We are joined by Talos Sr. Director Matt Watchinski this episode, discussing such existential questions as “why security?” and more concrete things like nation state vs. cybercriminal actors and their differing motivations. We also discuss router security and network devices as a preferred attack vector for advanced actors. Special bonus: Matt beats perhaps the last laugh out of the dead horse that is Paul Revere himself. #CantBooShowNotes

    Hosted By:
    Mitch Neff@MitchNeff
    Special Guest:
    Matt Watchinski@KMX2600
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:01:00

    Keywords
    • talos
    • security
    • router security
    • APT
    • cybercriminals
    • LIVE

  • Beers With Talos : Episode 24
    2018-03-08

    Reflections on DDoS and Bad Authentication Schemes

    Recorded 3/2/18 - Craig is out this week, but the rest of the crew goes through COINHORDER and Memcached and takes a deeper look at authentication and passwords. We cover an overview of reflection attacks and how some passwords schemes that are meant to protect, actually cause harm. We also bid you farewell, since our next episode is supposed to be live after the crew hosts a meeting that stands a not-insignificant chance of getting us all fired. Wish us luck - and send us questions that can make Craig pose to really important Cisco executives.

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:02:58

    Keywords
    • talos
    • security
    • malware
    • DDoS
    • memcached
    • authentication

  • Beers With Talos : Episode 23
    2018-02-23

    Eternal Fauxmance: Attribution Easter Eggs

    Recorded 2/16/18 - This week, Mitch learns about starting a show without Matt with no other plans to control Craig in place. The team discusses Olympic Destroyer and then takes on attribution in light of recent developments with Nyetya. We look at what attribution actually takes and the ease and commonality of planting false flags.

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 56:37

    Keywords
    • talos
    • nyetya
    • notpetya
    • olympic destroyer
    • attribution
    • Rob Joyce

  • Beers With Talos : Episode 22
    2018-02-06

    Forget the ASA, Rob Joyce Favorited Craig’s Tweet

    Recorded 2/2/18 - Guests two EPs in a row! We are joined by Omar Santos from Cisco PSIRT to discuss CVE-2018-0101, the Cisco ASA Remote Code Execution and Denial of Service Vulnerability. See the PSIRT post below for latest updates. We also discuss Crypto miners overtaking ransomware, a Flash 0-day carrying a known ROKRAT payload (huh??), and we couldn’t escape discussing Autosploit because Rob Joyce faved one of Craig’s tweets.

    Hosted By:
    Mitch Neff@MitchNeff
    Special Guest:
    Omar Santos@santosomar
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:09:53

    Keywords
    • talos
    • security
    • ASA
    • CVE-0218-0101
    • autosploit
    • flash
    • 0-day

  • Beers With Talos : Episode 21
    2018-01-26

    How to Hire the Best, Attribution Without Apaches is Useless

    It is a packed episode this time! We are joined by Edmund from the Talos Outreach Group to chat about Threat Modeling after we make our way through attribution and Group 123, hipster artisanal patching (hand flipped bits!), and spend a good bit of time talking about how Talos identifies the cream of the crop when we are hiring.

    Hosted By:
    Mitch Neff@MitchNeff
    Special Guest:
    Edmund Brumaghin
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:07:34

    Keywords
    • talos
    • security
    • malware
    • attribution
    • hiring
    • patching

  • Beers With Talos : Episode 20
    2018-01-18

    Crypto, Vuln Disco, and the Spectre Meltdown

    This is easily our best podcast of 2018 (so far). The crew discusses the recent spike in crypto-mania sweeping the globe and also goes in-depth on how vulnerability discovery plays a critical role in overall security. Plus, the crew all (shockingly) have different takes on Spectre/Meltdown and Craig decides to up the ante with the killer robots.

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:07:07

    Keywords
    • Crypto
    • vulnerability discovery
    • Talos
    • security
    • spectre
    • meltdown

  • Beers With Talos : Episode 19
    2017-12-29

    The "Best" of Beers with Talos 2017

    Quotes intended, we think you know why. Mitch takes control to present the best of the first (partial) year of the podcast. He covers some of our guests, some of our favorite non-security bits, and a look back at our in-the-moment view of some of the top stories of the year.

    Things you can look forward to: Mitch struggling through sailing solo with bad bits and unnecessary ukulele music, and a not-at-all-contrived apology for permanently deleting the hilarious fallout from an embarrassing faux pas. …but the clips are really good!

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:00:00

    Keywords
    • talos
    • security
    • malware
    • best of

  • Beers With Talos : Episode 18
    2017-12-15

    Kitties in My Blockchain, Obfuscating Pronunciations, and Other Security Stuff

    It’s the last full episode of the year! Thanks to you and the diligent work of Matt’s loving mother, the first 17 EPs of Beers with Talos were downloaded over 200,000 times in 2017! To show our gratitude, we are giving you not one, but TWO roundtables this week and even a special bonus rant! Also, Mitch can’t say words good, and Craig reads us stories from the blog!

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:16:25

    Keywords
    • bwt
    • talos
    • obfuscation
    • back to basics
    • cryptokitties

  • Beers With Talos : Episode 17
    2017-11-21

    Greek Gods, Trojans, and the Spice Girls as Spirit Animals

    Matt hijacks the Roundtable to tell us which Spice Girl each host is, because where else does a PR gimmick from KFC lead? Also, what’s worse than clicking a search result and getting a slideshow listicle? Getting a trojan payload when searching for banking forms (but that is the only thing that is worse - ARE YOU LISTENING BUZZFEED?). We also discuss the misnaming of troll farms and how patching and proper network segmentation are your friends - unlike anyone who publishes clickbait slideshows - STILL LOOKING AT YOU, BUZZFEED)

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 58:50

    Keywords
    • talos
    • security
    • cybersecurity
    • zeus
    • panda
    • patching
    • troll farms
    • spice girls
    • SEO
    • SERP poisoning

  • Beers With Talos : Episode 16
    2017-11-03

    Strong Copy - Bad Rabbit and the Nyetya Connection

    The crew takes on Apache OpenOffice vulns and when you need one CVE versus one hundred. We spend a lot of time discussing signal to noise ratio and Twitter canaries getting things wrong. Of course, we also discuss Bad Rabbit, its relationship to Nyetya, and why OpenOffice vulns are a worry, even to businesses that are run like hippie communes. As per usual, we mostly just make bad jokes.

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 01:15:35

    Keywords
    • strcopy
    • Bad Rabbit
    • Nyetya
    • OpenOffice
    • vulns
    • malware
    • security
    • Talos

  • Beers With Talos : Episode 15
    2017-10-18

    Landing a Job, Phishing Midstream, and Paul’s IDA Palette

    In this EP, we take on interviewing and finding a job with technical questions and tests (hint: don’t oversell yourself, and make sure your mute button actually works). We also talk about enabling users with security as opposed to hobbling them. When Craig brings up the Google Home Mini beta test issues, he ends up taking a ration over his choices in handling the situation. We also discuss some clever new phishing techniques that insert malware links mid-conversation with a trusted party.

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:03:00

    Keywords
    • talos
    • security
    • jobs
    • interviews
    • phishing
    • trustsec
    • malware

  • Beers With Talos : Episode 14
    2017-10-03

    Ranking Threats and Avoiding Bush League Breach Response

    We haven’t gone around the table and introduced ourselves in some time (about 50k downloads ago), so we take the time we usually complain about things at the top of the show to do that. We have seen a massive amount of “top-tier” threats in the last six months or so. While it might seem like comparing apples and oranges (hint: it is), the crew takes a stab at ranking these recent threats/attacks: CCleaner, Deloitte, Equifax, Nyetya, SEC, Shamoon2, WannaCry. Shockingly, all of us have a different ranking. What’s your list look like? Regarding response: Consistency matters, don’t be clever. We discuss some recent unbelievably boneheaded things we have seen in security response. More importantly, we discuss how you SHOULD respond to an incident. Remember: Complexity kills. Unfortunately, it doesn’t kill thought leaders

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:02:10

    Keywords
    • Security
    • threat intel
    • Talos
    • breach response
    • chippah

  • Beers With Talos : Episode 13
    2017-09-20

    A Vast CCleanup, Strutting Your Stuff, and the Ex$ploit Economy

    Struts - when to patch and when to patch with a vengeance. In light of the Equifax breach, we discuss how patching can make you live better days, Never look back and say, Could have been me. Naturally, that covo leads into the biggest story of the week around Pwning the Supply Chain - CCleaner, Python, and Nyetya style. Avast made some mistakes, but every tech company is susceptible to supply chain attacks. What can companies do to protect themselves and how can users adopt a stronger security posture in this area? We also talk Ex$ploit Economy - Valuing exploits by supply and demand. Zerodium has an extensive price list, what can we discern about the availability and difficulty of various exploits using basic economics?

    Hosted By:
    Mitch Neff@MitchNeff
    Featuring:
    Craig Williams@security_craig, Joel Esler@JoelEsler, Matt Olney@kpyke, and Nigel Houghton@EnglishLFC
    Download
    Run Time: 1:01:19

    Keywords
    • Security
    • threat intel
    • Equifax
    • struts
    • Avast
    • CCleaner
    • exploits
    • Zerodium
    • Talos