Microsoft Threat Intelligence Podcast

By: Microsoft
Listen for free

  • Summary

  • Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.
    ©2023 Microsoft
    Show more Show less
Episodes
  • The Inside Scoop on Using KQL for Cloud Data Security

    The Inside Scoop on Using KQL for Cloud Data Security
    Sep 25 2024
    In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by the authors of the new book The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending, and Threat Hunting. Guests Rod Trent, Matt Zorich, and Mark Morowczynski discuss the significance of KQL (Kusto Query Language) in cloud data security and how it enables efficient data querying for threat detection in Microsoft products like Sentinel and Defender. They share insights from their own experiences, highlight key features of the book, and explain how both beginners and experts can benefit from KQL. Later in the episode Sherrod speaks with Senior Threat Hunter Lekshmi Vijayne about the growing trend of cyberattacks using malicious PowerShell commands. Lekshmi explains how attackers trick users into copying and pasting harmful code, often through compromised websites or phishing emails. They discuss how these attacks aim to install remote access tools like NetSupport RAT or information stealers, targeting sensitive data like browser credentials and crypto keys. In this episode you’ll learn: How KQL is applied in real-world security scenarios including incident response Key features and benefits of KQL when it comes to security and cloud data Distinguishing between legitimate and malicious uses of remote management tools Some questions we ask: How does KQL tie into the Microsoft ecosystem, like Defender and Copilot? What advice would you give to someone new to KQL who wants to start learning? What is the technique we're seeing with copy-pasting malicious PowerShell? Resources: View Mark Morowczynski on LinkedIn View Matt Zorich on LinkedIn View Rod Trent on LinkedIn View Lekshmi Vijayne on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
    Show more Show less
    27 mins
  • Citrine and Onyx Sleet: An Inside Look at North Korean Threat Actors

    Citrine and Onyx Sleet: An Inside Look at North Korean Threat Actors
    Sep 11 2024
    In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo discusses North Korean threat actors with one of our Microsoft Threat Intelligence researchers and Greg Schloemer focusing on two prominent groups: Onyx Sleet and Storm 0530. Onyx Sleet is a long-standing espionage group known for targeting defense and energy sectors, particularly in the U.S. and India. However, they’ve diversified into ransomware, using tactics like malware downloaders, zero-day vulnerabilities, and a remote access Trojan called D-Track. The conversation also touches on the use of fake certificates and the group's involvement in the software supply chain space. In this episode you’ll learn: The relationship between Onyx Sleet and Storm 0530 North Korea's broader strategy of using cyber-attacks and moonlighting activities Surprising nature of recent attack chains involving vulnerability in the Chromium engine Some questions we ask: Does Onyx Sleet engage in cryptocurrency activities as well as traditional espionage? How does the use of a fake Tableau software certificate fit into Onyx Sleet's attack chain? Where does the name "Holy Ghost" come from, and why did they choose it? Resources: View Greg Schloemer on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
    Show more Show less
    29 mins
  • Black Basta and the Use of LLMs by Threat Actors

    Black Basta and the Use of LLMs by Threat Actors
    Aug 28 2024
    In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Daria Pop to discuss the latest trends in ransomware and the evolving role of AI in cyber threats. Daria Pop provides insights into the shifting tactics of Black Basta ransomware, including their use of phishing, social engineering, and remote management tools. The discussion also covers the persistence of malvertising and its challenges for defenders. Anna Seitz explores how state-sponsored threat actors, including Forest Blizzard, Emerald Sleet, and Crimson Sandstorm, are leveraging large language models (LLMs) for various malicious activities. In this episode you’ll learn: Why the takedown of Qakbot impacted Black Basta’s strategies What malvertising is and why its persistence is due to the complex nature of ad traffic How the MITRE Atlas framework assists defenders in identifying new threats Some questions we ask: What role does social engineering play in the campaigns involving Quick Assist? How are North Korean threat actors like Emerald Sleep using LLMs for their campaigns? Can you explain the changes in Black Basta’s initial access methods over the years? Resources: View Anna Seitz on LinkedIn View Daria Pop on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
    Show more Show less
    24 mins
Economics
Show more Show less

What listeners say about Microsoft Threat Intelligence Podcast

Average customer ratings
Overall
  • 5 out of 5 stars
  • 5 Stars
    1
  • 4 Stars
    0
  • 3 Stars
    0
  • 2 Stars
    0
  • 1 Stars
    0
Performance
  • 5 out of 5 stars
  • 5 Stars
    1
  • 4 Stars
    0
  • 3 Stars
    0
  • 2 Stars
    0
  • 1 Stars
    0
Story
  • 5 out of 5 stars
  • 5 Stars
    1
  • 4 Stars
    0
  • 3 Stars
    0
  • 2 Stars
    0
  • 1 Stars
    0

Reviews - Please select the tabs below to change the source of reviews.

Audible.com reviews

Amazon reviews
No Reviews are Available