The BlueHat Podcast
Sherrod DeGrippo on Why She Loves Cyber Crime
Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft and Host of The Microsoft Threat Intelligence Podcast, joins Nic Fillingham on this week's episode of The BlueHat Podcast. Sherrod is a frequently cited threat intelligence expert in media, including televised appearances on the BBC news and commentary in the Wall Street Journal, CNN, New York Times, and more. She is a well-known public speaker, having presented at Black Hat, RSA Conference, RMISC, BrunchCon, and others. Sherrod and Nic discuss various topics, including different types of threat actors, the overlap between nation-state actors and cybercrime, and Sherrod's fascination with cybercrime, emphasizing cybercriminals' creativity and ingenuity, particularly those who use social engineering techniques.
In This Episode You Will Learn:
- Why many cybercriminals don't believe they are engaging in criminal activity
- How understanding a threat actor's psychology is essential to creating detection methods
- The importance of maintaining proper security hygiene
Some Questions We Ask:
- How can threat actors operate with impunity?
- Should individuals and small businesses worry about nation-state threat actors?
- Can we reform and convince cybercrime groups to use their talents for good?
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
View all episodes
17. Service Principles in the Spotlight: Insights from Microsoft’s Security Experts43:53Senior Data Scientist Emily Yale and Senior Threat Hunt Analyst at Microsoft Chris Bukavich join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Chris focuses on incident response, investigation, and detection of major incidents, while Emily works on developing and improving detections for Microsoft's internal security. Emily and Chris were co-presenters at this year's BlueHat conference. They discussed unmasking Azure-based adversaries with an emphasis on monitoring service principles, how their respective expertise in data science and cybersecurity contributed to the session, and the challenges of monitoring service principles in Azure. This concept has evolved from traditional service accounts. In This Episode You Will Learn: The importance of monitoring spikes in activity Criteria for identifying malicious behavior targeting service principles Historical context of service principles and their increasing relevance Some Questions We Ask: How can you proactively monitor and detect anomalies related to service principles? What challenges arise when profiling service principles based on past behavior? When can service principles be tied to user authentication? Resources: View Emily Yale on LinkedIn View Chris Bukavich on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts
16. Kaileigh McCrea: Navigating the Privacy Maze: Insights from the Yandex Controversy45:33Kaileigh McCrea, Lead Privacy Engineer at Confiant, joins Wendy Zenone on this week's episode of The BlueHat Podcast. Kaileigh explains her journey into privacy engineering, the ever-evolving nature of privacy regulations, and the challenges of defining protected data. Wendy and Kaileigh also delve into Yandex's extensive reach, connections to the Netherlands, and the complexities surrounding its ownership and compliance in the face of global sanctions. Overall, the discussion emphasizes the importance of protecting personal data and being aware of potential risks, even if one believes they have nothing to hide. In This Episode You Will Learn: The importance of protecting personal data, even with nothing to hide Implications of the Yandex data leak Challenges Yandex faces in trying to sell off its assets Some Questions We Ask: What kind of analytics data was involved in the Yandex leak? How could this data be misused from a national security perspective? Why is protecting one's data so tricky due to the scale of data collection? Resources: View Kaileigh McCrea on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Security Unlocked Security Unlocked: CISO Series with Bret Arsenault Secure the Job: Breaking into Security The Microsoft Threat Intelligence Podcast Discover and follow other Microsoft podcasts at microsoft.com/podcasts
15. Deprecating NTLM is Easy and Other Lies We Tell Ourselves with Steve Syfuhs43:32Steve Syfuhs, Principal Software Engineer at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Steve has spent the last decade building secure systems and is working at Microsoft as a Principal Developer. In this episode, Steve, Nic, and Wendy discuss how continually improving hardware allows for faster brute-force attacks, the technical and security aspects of password-based authentication protocols, and why the longevity of password security can be extended through incremental improvements. In This Episode You Will Learn: Technical and security aspects of password-based authentication protocols Why passwords should not be the primary authentication mechanism The challenges of making significant changes to long-standing systems Some Questions We Ask: Why explore secure and user-friendly alternatives like biometrics or hardware keys? How quickly can you guess an 8-character password using specialized hardware? Will audits within Microsoft help understand and improve NTLM usage and security? Resources: View Steve Syfuhs on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Security Unlocked Security Unlocked: CISO Series with Bret Arsenault Secure the Job: Breaking into Security The Microsoft Threat Intelligence Podcast Discover and follow other Microsoft podcasts at microsoft.com/podcasts
14. BlueHat Oct 23 Day 1 Keynote: John Lambert49:24In this week’s special episode, we bring you the BlueHat Oct 23, day 1 keynote delivered by John Lambert, Microsoft Corporate Vice President and Security Fellow. In his BlueHat Oct day 1 keynote, John discusses the importance of incidents in the security field, strategies for finding security incidents, and the importance of looking beyond traditional defense measures to discover attackers and traces outside of one's network. John introduces the idea of "hunting until closure," which involves systematically investigating various attacker actions to learn more about their activities. He also mentions the concept of "time travel breach detection," which uses historical logs to trace and identify previous attacker actions. In This Episode You Will Learn: The importance of security incidents in shaping the cybersecurity field Why logs and telemetry data in cybersecurity are essential when tracking attacker actions How valuable mutual respect is in the security community Some Questions We Ask: How do escalating conflicts within teams affect productivity? What role did trust and collaboration play in responding to the SolarWinds incident? Why must the security community work together to protect customers? Resources: View John Lambert on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Security Unlocked Security Unlocked: CISO Series with Bret Arsenault Secure the Job: Breaking into Security Discover and follow other Microsoft podcasts at microsoft.com/podcasts
13. Bluehat Oct 23 Preview with Jessica Payne41:24Microsoft Threat Intelligence Analyst Jessica Payne joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Nic, Wendy, and Jessica discuss Jessica's background in cybersecurity, her journey to Microsoft, her passion for making security more accessible, and the importance of diversity in the field. Jessica also emphasizes the need to focus on actionable threat intelligence and how ransomware has changed the security landscape while also providing insights into the process of submitting a presentation for The BlueHat Conference. In This Episode You Will Learn: Jessica's contributions to the Threat Intelligence Village Sessions and keynotes scheduled for the bluehat conference The importance of diversity and inclusion in the conference's selection process Some Questions We Ask: What makes BlueHat unique compared to other conferences? Why does BlueHat avoid marketing and encourage a research-focused atmosphere? What interactive activities does BlueHat have planned for the Threat Intelligence Village? Resources: View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Discover and follow other Microsoft podcasts at microsoft.com/podcasts
11. Deciphering Privacy in the Age of AI: An Expert Discussion42:43Giovanni Cherubin and Ahmed Salem join Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Giovanni is a Senior Researcher in Machine Learning and Security at Microsoft Research Cambridge, and Ahmed is a researcher in Confidential Computing at the Microsoft Research lab in Cambridge, UK. They're both interested in artificial intelligence and are researching the privacy, security, fairness, and accountability risks of the different machine learning settings. In this episode, they discuss how to identify and address privacy threats in machine learning models, the connection between privacy and information leakage, and how privacy is perceived in academia and industry.In This Episode You Will Learn: Algorithmic procedures for describing threats and attacksThe rapid growth of machine learning research in attacks and defenseThe framework for fostering collaboration and understanding within the fieldSome Questions We Ask: What are the main threats you are currently focused on? Who will benefit from this research besides academics and researchers?Can you explain the concept of privacy as it relates to information leakage?Resources: View Giovanni Cherubin on LinkedInView Ahmed Salem on LinkedInView Wendy Zenone on LinkedInView Nic Fillingham on LinkedInDiscover and follow other Microsoft podcasts at microsoft.com/podcasts
10. Not with a Bug but with a Sticker48:29Hyrum Anderson and Ram Shankar join Nic Fillingham and Wendy Zenone on this week’s episode of The BlueHat Podcast. Hyrum Anderson is a distinguished ML Engineer at Robust Intelligence. He received his Ph.D. in Electrical Engineering from the University of Washington, emphasizing signal processing and machine learning. Much of his technical career has focused on security, and he has directed research projects at MIT Lincoln Laboratory and Sandia National Laboratories. Ram Shankar works on the intersection of machine learning and security at Microsoft and founded the AI Red Team, bringing together an interdisciplinary group of researchers and engineers to proactively attack AI systems and defend them from attacks. In This Episode You Will Learn: The difference between AI and machine learningWhy embracing a holistic, healthy AI development is to our advantageThe security vulnerabilities and risks associated with AI and Machine LearningSome Questions We Ask: Who did you write this book for, and what will the readers learn? What type of vulnerabilities are you finding the most concerning currently? How do adversarial attacks exploit vulnerabilities in AI algorithms?Resources: View Hyrum Anderson on LinkedInView Ram Shankar on LinkedInView Wendy Zenone on LinkedInView Nic Fillingham on LinkedInNot with a Bug, But with a Sticker is available hereFollow Hyrum on TwitterFollow Ram on TwitterDiscover and follow other Microsoft podcasts at microsoft.com/podcasts
9. Fuzzing, Forensics and Flowers with Amanda Rousseau AKA Malware Unicorn40:47Amanda Rousseau, Offensive Security Engineer for the Microsoft Offensive Research and Security Engineering Team, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Amanda loves malware; she worked as an Offensive Security Engineer on the Red Team at Facebook, a Malware Researcher at Endgame, and the U.S. Department of Defense Cyber Crime Center. Amanda mainly focuses on vulnerability, research fuzzing, and security engineering and discusses with Nic and Wendy her time reviewing and analyzing offline digital devices, known as Dead-Box Forensics, reverse engineering malware, and how she finds success from her creative and artistic background. In This Episode You Will Learn: What "shift left" means as a security professional How to learn more about fuzzing and understand some of the tooling Why having a creative background helps when communicating with security teams Some Questions We Ask: How would you describe fuzzing for someone that's doesn't know the definition? What is Dead-Box Forensics, and can you share the investigative process? How can we make fuzzing and security more accessible and less intimidating for developers? Resources: View Amanda Rousseau on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Follow Amanda on Twitter and malwareunicorn.org Discover and follow other Microsoft podcasts at microsoft.com/podcasts