Content provided by Mandiant. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided directly by Mandiant or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://he.player.fm/legal.
S3E1: Spotlight Iran - from Cain & Abel to full SANDSPY

53:54
 
Archived series ("Inactive feed" status)

When? This feed was archived on February 26, 2024 18:55 (2M ago). Last successful fetch was on January 22, 2023 07:30 (1y ago).

Why? "Inactive feed" status. Our servers were unable to retrieve a valid podcast feed for an extended period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check whether the publisher's feed link below is valid and contact support to request that the feed be restored, or if you have any other concerns about this.

Manage episode 290580675 series 2915100

In response to increased U.S.-Iran tensions stemming from the recent killing of Quds Force leader Qasem Soleimani by U.S. forces, and concerns of potential retaliatory cyber attacks, we're bringing the latest from our front-line experts on all things Iran. Christopher Glyer and Nick Carr are joined by Sarah Jones (@sj94356) and Andrew Thompson (@QW5kcmV3) to provide a glimpse into Iran-nexus threat groups, including APT33, APT34, APT35, APT39, and TEMP.Zagros, as well as the freshest actionable information on suspected Iranian uncategorized (UNC) groups that are active right now.

We get right into it with a picture of Iranian compromise activity from just a few years ago: what we observed and the basic, cookie-cutter approach to their intrusions. We then walk through the stark contrast to their TTPs today, discuss how and why their Computer Network Operations (CNO) have evolved so quickly, and provide a detailed walk-through of all of the graduated Iranian APT groups.

Our experts share their experiences with each group, the moments when Iranian threat actors surprised or impressed us, notable shifts in behavior, and our standing questions. Iranian intrusion operators have come a long way from DDoS and defacement, basic scanning, Cain & Abel and ASPXSpy to DNS hijacking, social engineering via LinkedIn, information operations, and backdoors like QUADAGENT, SANDSPY and TANKSHELL, filling in the gaps with quick adoption of offensive security post-compromise tools and techniques.

We close this first episode of season 3 with an overview of actionable mitigations to secure against both Iranian intrusions and several other threats, including disruptive and destructive ransomware attacks. For more information on these mitigations, as well as the public source material supporting the discussion from the show, please check out:
• APT33 graduation: https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html
• APT33 webinar: https://www.brighttalk.com/webcast/10703/275683
• APT34 examples (targeted attack in the Middle East): https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html
• An example TEMP.Zagros phishing campaign: https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html
• APT35 highlights in M-Trends 2018: https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf
• Iranian information operations: https://www.fireeye.com/blog/threat-research/2018/08/suspected-iranian-influence-operation.html
• RULER home page usage by Iranian groups & mitigations: https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html
• APT39 graduation: https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html
• Iranian DNS hijacking (DNSpionage): https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
• More Iranian influence operations: https://www.fireeye.com/blog/threat-research/2019/05/social-media-network-impersonates-us-political-candidates-supports-iranian-interests.html
• APT34 social engineering via LinkedIn: http://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
• FireEye response to mounting U.S.-Iran tensions: https://www.fireeye.com/blog/products-and-services/2020/01/fireeye-response-to-mounting-us-iran-tensions.html
• U.S.-Iran tensions webinar & mitigations overview: https://www.brighttalk.com/webcast/7451/382779
