Skip to main content
Blue Security

Blue Security

By Andy Jaw & Adam Brewer

A podcast for information security defenders (blue team) on best practices, tools, and implementation for enterprise security.
Listen on Spotify
Where to listen
Amazon Music Logo

Amazon Music

Apple Podcasts Logo

Apple Podcasts

Castbox Logo

Castbox

Google Podcasts Logo

Google Podcasts

Overcast Logo

Overcast

Pocket Casts Logo

Pocket Casts

RadioPublic Logo

RadioPublic

Spotify Logo

Spotify

Stitcher Logo

Stitcher

Tech Layoffs
Tech Layoffs
On this week's episode, Adam and Andy talk about the tech layoffs. Andy talks about his career and how he's dealt with being laid off multiple times. Listen in if you're interested in how to mentally deal with a layoff and how to prepare yourself to be ready for the worst. ------------------------------------------- Youtube Video Link: https://youtu.be/mSfzd6KQ3qQ ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
37:08
January 30, 2023
Operational Excellence
Operational Excellence
On this week's episode, Adam and Andy talk about what operational excellence means and how it can help bolster your cybersecurity at your organization. ------------------------------------------- Youtube Video Link: https://youtu.be/1xhWJ5H0llI ------------------------------------------- Documentation: https://twitter.com/swiftonsecurity/status/1614055657728274433?s=46&t=yypBUE-BpQ3gfvl0jjTxJA https://learn.microsoft.com/en-us/sharepoint/redirect-known-folders https://learn.microsoft.com/en-us/sharepoint/retention-and-deletion ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
36:34
January 23, 2023
News Catchup
News Catchup
On this week's episode, Adam and Andy do a catch up on news from December and talk about the retirement of Windows 7 ESU and 8.1. They also talk about Apple's Advanced Data Protection and the Lastpass breach. ------------------------------------------- Youtube Video Link: https://youtu.be/ibnjen4KxTk ------------------------------------------- Documentation: https://petri.com/microsoft-ends-support-windows-7-windows-8-1/ https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/ https://support.apple.com/guide/security/advanced-data-protection-for-icloud-sec973254c5f/web https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/ https://support.1password.com/pbkdf2/ ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
32:57
January 16, 2023
Windows Defender Firewall
Windows Defender Firewall
On this week's episode, Adam and Andy talk about Windows Defender Firewall. This often is overlooked, misconfigured, or part of legacy policies. With the start of a brand new year, it is a good time to take a look at your current firewall configurations and perhaps move them over to Intune as part of modern management. ------------------------------------------- Youtube Video Link: https://youtu.be/OhAdeQjjcj8 ------------------------------------------- Documentation: https://call4cloud.nl/2020/07/the-windows-firewall-rises/ https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-firewall-rule-tool ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
12:43
January 09, 2023
What we learned in 2022 in cybersecurity
What we learned in 2022 in cybersecurity
On this week's episode, Adam and Andy talk about some trends from this past year and what they would focus on securing for 2023. ------------------------------------------- Youtube Video Link: https://youtu.be/x_Yx42cKa0A ------------------------------------------- Documentation: https://techcrunch-com.cdn.ampproject.org/c/s/techcrunch.com/2022/12/22/okta-breach-source-code-github/amp/ https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/ ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
26:38
January 02, 2023
Windows Autopatch with Special Guest Adam Nichols
Windows Autopatch with Special Guest Adam Nichols
On this week's episode, Adam and Andy talk with Adam Nichols, a Product Manager for Windows Autopatch. They talk about all things patching and do a deep dive on how the Windows Autopatch service works. Listen in if you're curious about the service and how to take advantage of it! ------------------------------------------- YouTube Video Link: https://youtu.be/LCFA8D9pbCA ------------------------------------------- Documentation: https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/overview/windows-autopatch-overview ------------------------------------------- Adam Nichols Linkedin: https://www.linkedin.com/in/adam-nichols-75739020/ Twitter: https://twitter.com/mauvlan ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
40:00
December 26, 2022
Passkeys
Passkeys
On this week's episode, Adam and Andy talk about passkeys. This may be the replacement for passwords that we're looking for and it is starting to go mainstream with the collaboration between Microsoft, Apple, and Google. ------------------------------------------- YouTube Video Link: https://youtu.be/xYdtTWczwxQ ------------------------------------------- Documentation: https://passkeys.directory/ https://support.apple.com/guide/iphone/sign-in-with-passkeys-iphf538ea8d0/ios https://www.wired.com/story/how-to-use-passkeys-google-chrome-android/ https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/expansion-of-fido-standard-and-new-updates-for-microsoft/ba-p/3290633 https://www.theverge.com/2022/11/17/23464817/1password-passkey-support-security-apple-google ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
26:40
December 19, 2022
Microsoft's Insider Risk Report
Microsoft's Insider Risk Report
On this week's episode, Adam and Andy talk about Microsoft's Insider Risk Report for 2022. This report give insight on how to build a holistic insider risk program but combining tooling, people management, trust, and processes. Insider risk is on the rise. Listen in as Andy and Adam break down the report and give you the highlights on how to get started on building your insider risk program. ------------------------------------------- YouTube Video Link: https://youtu.be/UdoBv3R-OeE ------------------------------------------- Documentation: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE58Ymd ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
30:58
December 12, 2022
DDoS Protection
DDoS Protection
On this week's episode, Adam and Andy talk about CISA's DDoS protection guidance. This follows the episode on Microsoft's Digital Defense Report where DDoS attacks and protections were also highlighting in the report. ------------------------------------------- YouTube Video Link: https://youtu.be/_9puZjc05H4 ------------------------------------------- Documentation: https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-ddos-attacks_508c.pdf https://www.cisa.gov/cisa-tabletop-exercise-packages https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bUvv?culture=en-us&country=us https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bcRe?culture=en-us&country=us ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
18:23
December 05, 2022
Microsoft's Digital Defense Report
Microsoft's Digital Defense Report
On this week's episode, Adam and Andy talk about Microsoft's Digital Defense Report. This report has a wealth of information on the state of cybersecurity, current trends, attack vectors, and defense suggestions for organizations. They break down some key points so listen in if you do not have time to read the entire report. ------------------------------------------- YouTube Video Link: https://youtu.be/CS5F8puZQXo ------------------------------------------- Documentation: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bUvv?culture=en-us&country=us https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bcRe?culture=en-us&country=us ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
38:37
November 28, 2022
How to Mastodon
How to Mastodon
On this week's episode, Adam is back and joined by Andy to talk about Mastodon. This decentralized social media platform has been around since 2016 and recently has been growing exponentially due to the Twitter migration. Critical mass has already happened for many communities including the infosec community so it is in our best interest to learn about it and learn how to use it. ------------------------------------------- Youtube Video Link: https://youtu.be/Rc40W8bcAs0 ------------------------------------------- Documentation: https://grahamcluley.com/mastodon-what-you-need-to-know-for-your-security-and-privacy/ https://www.hughrundle.net/home-invasion/ https://www.cyberscoop.com/twitter-dumpster-fire-infosectwitter/ ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:09
November 21, 2022
Patch Tuesday, Medibank Breach, Twitter Meltdown
Patch Tuesday, Medibank Breach, Twitter Meltdown
This week, friend of the pod, Shannon Fritz, fills in for Adam and he and Andy talk about the big update for Patch Tuesday, the Medibank double extortion incident, and the meltdown happening at Twitter. ------------------------------------------- Youtube Video Link: ------------------------------------------- Documentation: https://support.microsoft.com/en-us/topic/november-8-2022-kb5019980-os-build-22621-819-b503e08b-b850-469a-8de9-74df8aebd5f4 https://www.9news.com.au/technology/medibank-hack-suspected-cybercriminal-releases-sample-of-australian-customer-data/26aa6096-f730-4a8c-83a1-b0d3da6519d7 https://twitter.com/leakissner/status/1590706305102381058?s=46&t=b1TkB4mKrocmPYWcffWQtg https://www.theverge.com/2022/11/10/23451198/twitter-ftc-elon-musk-lawyer-changes-fine-warning https://www.technologyreview.com/2022/11/08/1062886/heres-how-a-twitter-engineer-says-it-will-break-in-the-coming-weeks/ https://www.technologyreview.com/2022/11/11/1063162/twitters-imminent-collapse-could-wipe-out-vast-records-of-recent-human-history/ ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:23
November 14, 2022
Old Phishing Tricks Are Still Working
Old Phishing Tricks Are Still Working
This week, Adam and Andy talk about the Dropbox and Twilio breach where old phishing tricks worked and attackers were able to get credentials. They also talk about CISA's new guidance on phish resistant MFA and Enhance Phishing Protection in Windows 11 22H2. ------------------------------------------- Youtube Video Link: https://youtu.be/06lGGC6GSJM ------------------------------------------- Documentation: https://dropbox.tech/security/a-recent-phishing-campaign-targeting-dropbox https://www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen?tabs=intune ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
18:48
November 07, 2022
SOCRadar and Ignite 2022 highlights
SOCRadar and Ignite 2022 highlights
This week, Adam and Andy talk about the SOCRadar disclosure of a misconfigured Microsoft endpoint that led to a data privacy incident. They talk about what happened and what you should know as a Microsoft customer. They also go over some of the highlights from Ignite 2022 with new features and brands for endpoint management, identity, and security. ------------------------------------------- Youtube Video Link: https://youtu.be/mMlkJnpT9us ------------------------------------------- Documentation: https://msrc-blog.microsoft.com/2022/10/19/investigation-regarding-misconfigured-microsoft-storage-location-2/ https://news.microsoft.com/ignite-2022-book-of-news/ https://www.microsoft.com/security/blog/2022/10/12/5-cybersecurity-capabilities-announced-at-microsoft-ignite-2022-to-help-you-secure-more-with-less/ https://learn.microsoft.com/en-us/azure/active-directory/governance/what-are-lifecycle-workflows https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-strengths https://techcommunity.microsoft.com/t5/tech-community-live/microsoft-technical-takeoff-windows-and-microsoft-intune/ev-p/3632740 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
44:13
October 31, 2022
IBM Incident Responder Report
IBM Incident Responder Report
This week, Adam and Andy talk about IBM's Incident Responder Report. This report has some great empirical data on incident responder perceptions and how incidents impact mental health. Listen in as they discuss some of the key findings in this report. ------------------------------------------- Youtube Video Link: https://youtu.be/hhnxHMbvASw ------------------------------------------- Documentation: https://www.ibm.com/downloads/cas/XKOY5OLO ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:01
October 24, 2022
BYOD Zero-Trust Architecture
BYOD Zero-Trust Architecture
This week, Adam and Andy talk about how to look at BYOD policies in a Zero-Trust architecture. They go over a blueprint put out by Microsoft Middle East and Africa that's a little bit older but is a great reference for anyone looking for guidance. ------------------------------------------- Youtube Video Link: https://youtu.be/pze2b0Ix8QI ------------------------------------------- Documentation: https://www.microsoft.com/en-us/insidetrack/transitioning-to-modern-access-architecture-with-zero-trust https://news.microsoft.com/wp-content/uploads/prod/sites/133/2021/03/MEA-Blueprint-for-BYOD-Use-v1.0-Final-Version.pdf ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
30:40
October 17, 2022
MDE Tamper Protection
MDE Tamper Protection
This week, Adam and Andy talk about Microsoft Defender for Endpoint's Tamper Protection. This type of feature is also available on other endpoint protection solutions. They talk about what it is, what's changing soon, and why you should turn this on. ------------------------------------------- Youtube Video Link: https://youtu.be/ZhhlianhqgY ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478 https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-worldwide ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
14:09
October 10, 2022
Active Directory Security Tips
Active Directory Security Tips
This week, Adam and Andy talk about some tips on securing Active Directory. This was inspired by a session led by Trimarc Security at The Experts Conference. ------------------------------------------- Youtube Video Link: https://youtu.be/7HQZQh-UzmQ ------------------------------------------- Documentation: https://www.trimarcsecurity.com/ https://www.quest.com/the-experts-conference/ https://www.hub.trimarcsecurity.com/post/ten-ways-to-improve-ad-security-quickly ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
28:30
October 03, 2022
Kerberoasted
Kerberoasted
This week, Adam and Andy talk about kerberoasting: how it works and how to defend against it. Listen in on this unique attack technique! ------------------------------------------- Youtube Video Link: https://youtu.be/sr75jgscnkQ ------------------------------------------- Documentation: https://www.linkedin.com/posts/heathadams_i-got-domain-admin-on-an-internal-pentest-activity-6976047836693966848-e3AM https://twitter.com/_wald0/status/1562871258190348289?s=20&t=xcJOw353X-xDvHB52BKxiA ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
18:02
September 26, 2022
Microsoft Teams, Patreon, and Uber
Microsoft Teams, Patreon, and Uber
This week, Adam and Andy talk about Microsoft Teams and the post-exploit technique that was discovered by Vetra's Project Team and the decision of Patreon to lay off their entire internal information security team. The also talk about Uber's on-going cybersecurity incident including some initial reports of how it happened as well as mitigations to prevent this type of attack in the future. ------------------------------------------- Youtube Video Link: https://youtu.be/FWnEma4hOWQ ------------------------------------------- Documentation: https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens https://techcrunch.com/2022/09/09/patreon-security-layoffs/ https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-faqs ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:12
September 19, 2022
Cloudflare and Kiwi Farms
Cloudflare and Kiwi Farms
This week, Adam and Andy breakdown what led to Cloudflare dropping Kiwi Farms as a customer, why the media and Twitter were up-in-arms about the whole incident, and their thoughts about the decision. ------------------------------------------- Youtube Video Link: https://youtu.be/NrNe_n95Tfk ------------------------------------------- Documentation: https://blog.cloudflare.com/cloudflares-abuse-policies-and-approach/  https://blog.cloudflare.com/kiwifarms-blocked/  https://rasbora.dev/blog/I-ran-the-worlds-largest-ddos-for-hire-empire-and-cloudflare-helped ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
33:54
September 12, 2022
Cloud Security 101
Cloud Security 101
This week, Adam and Andy talk about cloud security. If you're looking to learn about cloud security concepts, this is the show for you. They talk about basic and advanced security as well as risk assessment and other things you should consider when designing and architecting your security in the cloud. ------------------------------------------- Youtube Video Link: https://youtu.be/1sc1R8iL3wc ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
43:18
September 05, 2022
Beyond E5, Rebranding, Public Previews in Microsoft Security
Beyond E5, Rebranding, Public Previews in Microsoft Security
This week, Adam and Andy pull together all the new product launches and rebranding for Microsoft Security over the last couple of months. Listen in to learn about Microsoft Entra, Defender Threat Intel, App Governance, and Threat Experts. ------------------------------------------- Youtube Video Link: https://youtu.be/PSm97tY4q1E ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/2022/05/31/secure-access-for-a-connected-worldmeet-microsoft-entra/ https://docs.microsoft.com/en-us/azure/active-directory/cloud-infrastructure-entitlement-management/overview https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/decentralized-identifier-overview https://docs.microsoft.com/en-us/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti https://docs.microsoft.com/en-us/azure/external-attack-surface-management/ https://www.microsoft.com/en-us/microsoft-365/blog/2022/04/05/ease-the-burden-of-managing-and-protecting-endpoints-with-microsoft-advanced-solutions/ https://docs.microsoft.com/en-us/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-threat-experts?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender/defender-experts-for-hunting?view=o365-worldwide ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:58
August 29, 2022
Quantum & Cryptography Follow-up, TikTok, and Janet Jackson
Quantum & Cryptography Follow-up, TikTok, and Janet Jackson
This week, Adam and Andy follow up on a few things from the post quantum cryptography episode talking about how one of the quantum resistant algorithms was broken and a lawsuit against the US government related to quantum encryption. They also chat about how TikTok may be storing information of US citizens on Chinese servers. Finally, they talk about how sound can be used as a cyber attack vector. ------------------------------------------- Youtube Video Link: https://youtu.be/CmcK2bwnqGo ------------------------------------------- Documentation: https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/ http://blog.cr.yp.to/20220805-nsa.html https://twitter.com/divinetechygirl/status/1560220472742232065?s=21&t=f3k3lt5ALc1VWGUNURu_bg https://www.neowin.net/news/janet-jackson-song-is-now-an-official-exploit-for-windows-pcs/?fs=e&s=cl https://www.zdnet.com/article/academics-steal-data-from-air-gapped-systems-using-pc-fan-vibrations/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
28:51
August 22, 2022
Post Quantum Series - Part 2 - Quantum Cryptography
Post Quantum Series - Part 2 - Quantum Cryptography
This week, Adam and Andy talk about post quantum cryptography this week. They go over why quantum computers are a threat to classical cryptography like public key encryption, quantum key distribution, and finally NIST's selection of quantum resistant cryptography. ------------------------------------------- Youtube Video Link: https://youtu.be/v8CVq09tnB4 ------------------------------------------- Documentation: https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/04/national-security-memorandum-on-promoting-united-states-leadership-in-quantum-computing-while-mitigating-risks-to-vulnerable-cryptographic-systems/ https://www.whitehouse.gov/briefing-room/statements-releases/2022/06/28/fact-sheet-the-united-states-continues-to-strengthen-cooperation-with-g7-on-21st-century-challenges-including-those-posed-by-the-peoples-republic-of-china-prc/ https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
24:59
August 15, 2022
Post Quantum Series - Part 1 - Quantum Computers
Post Quantum Series - Part 1 - Quantum Computers
This week, Adam and Andy start a two part series on post-quantum computer information security. This first part goes into understanding how quantum computers work and how they differ from classical computers. While it's not necessary to understand how quantum computers work to know the threat to information security they have, as technologist, it's always fun to expand our knowledge on these topics. We hope you learn as much as we did when we researched the topic for this episode! ------------------------------------------- Youtube Video Link: https://youtu.be/h8E2TL_UMQA ------------------------------------------- Documentation: https://www.ibm.com/quantum https://azure.microsoft.com/en-us/services/quantum/#overview https://quantumai.google/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
22:18
August 08, 2022
Exchange Online Protection Deep-Dive
Exchange Online Protection Deep-Dive
This week, Adam and Andy do a technical deep dive on Exchange Online Protection (EOP). They talk about the pre-delivery and post-delivery protections. They also talk about some of the zero-day protections that Defender for Office 365 provides similar to other competitors in the space and MX record vs API protection. ------------------------------------------- Youtube Video Link: https://youtu.be/-_pnAIR2Y48 ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/bc-p/3566717 https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/exchange-online-protection-overview?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/protection-stack-microsoft-defender-for-office365?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-worldwide ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
25:33
August 01, 2022
Personal and Organization Privacy
Personal and Organization Privacy
This week, Adam and Andy talk about privacy both in organizations and your personal life. They talk about some of the new Microsoft Purview Compliance Classifiers and how it might be an invasive for some orgs when implemented in the wrong way. They also talk about mobile device privacy in light of SCOTUS overturning Roe v Wade and how our data might be weaponized against us. Finally, they talk about some privacy tools that can help limit the telemetry to tech companies. ------------------------------------------- Youtube Video Link: https://youtu.be/o5k3gIMlPjs ------------------------------------------- Documentation: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=In%20development%2CPreview&searchterms=Purview%2Cclassifier https://www.whitehouse.gov/briefing-room/statements-releases/2022/07/08/fact-sheet-president-biden-to-sign-executive-order-protecting-access-to-reproductive-health-care-services/ https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/cell-phone-hipaa/index.html https://globalprivacycontrol.org/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
39:19
July 25, 2022
Microsoft Security News
Microsoft Security News
This week, Adam and Andy talk about some security news relating to Microsoft. First they talk about a phishing campaign that Microsoft detailed that was going on affecting more than 10,000 orgs where the attackers are able to bypass MFA. They also talk about Microsoft's decision to roll back disabling VBA macros by default. Finally, they talk about Microsoft's DART team and how they approach ransomware and incident response. ------------------------------------------- Youtube Video Link: https://youtu.be/FJnrBMgw89g ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/ https://jeffreyappel.nl/blocking-internet-macros-in-office-and-dont-wait-for-microsoft/ https://docs.microsoft.com/en-us/security/compass/incident-response-playbook-dart-ransomware-approach ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
31:35
July 18, 2022
Risk Management and Data Protection
Risk Management and Data Protection
This week, Adam and Andy talk about risk-centric security management and how to shift from looking at just severity of vulnerabilities to reducing risk to your organization. They also talk about how attackers are shifting to data stealing on top of ransomware so organizations need to add data protection to their security stack. ------------------------------------------- Youtube Video Link: https://youtu.be/0Ivazm8hijM ------------------------------------------- Documentation: https://www.darkreading.com/risk/shifting-the-cybersecurity-paradigm-from-severity-focused-to-risk-centric https://www.darkreading.com/attacks-breaches/study-reveals-traditional-data-security-tools-have-a-60-failure-rate-against-ransomware-and-extortion https://docs.microsoft.com/en-us/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
24:48
July 11, 2022
Basic Auth, Zero Days, & Burnout
Basic Auth, Zero Days, & Burnout
This week, Adam and Andy catch up some news in their first live show in a couple of weeks. First they talk about CISA's guidance to federal agencies to switch from basic auth to modern auth due to the retirement of basic auth on Oct 1, 2022. They also give the cumulative count of zero days for 2022 and some best practices for defense. Finally, they talk through the challenges of investing in people and the burnout felt community wide. ------------------------------------------- Youtube Video Link: https://youtu.be/XM-UwFajxHY ------------------------------------------- Documentation: https://www.cisa.gov/sites/default/files/publications/switch-to-modern-authentication-in-exchange-online-062822-508.pdf https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/workbook-legacy%20authentication ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
36:48
July 04, 2022
Secure Authentication to Azure VMs
Secure Authentication to Azure VMs
This week, Adam and Andy talk about different methods to modernize the way you authenticate to virtual machines located in Azure. The first is using Azure Active Directory and the second is using Azure Bastion. Listen in on how this will help you securely access your virtual machines. ------------------------------------------- Youtube Video Link: https://youtu.be/n25RmcPUI6M ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/manufacturing/secure-authentication-to-linux-servers-in-azure/ba-p/3484607 https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows https://docs.microsoft.com/en-us/azure/bastion/bastion-overview ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
15:05
June 27, 2022
Don't Phish Me, Bro
Don't Phish Me, Bro
This week, Adam and Andy talk about OMB procurement requirements changing due to increased cybersecurity defense, Gartner's thoughts on consolidated security platforms, and internal phishing campaigns. ------------------------------------------- Youtube Video Link: https://youtu.be/OZKS03pmk8M ------------------------------------------- Documentation: https://www.whitehouse.gov/omb/briefing-room/2022/03/07/omb-statement-on-enhancing-the-security-of-federally-procured-software/ https://www.gartner.com/doc/reprints?id=1-28F8N1LT&ct=211213&st=sb https://twitter.com/swiftonsecurity/status/1534762545524969473?s=21&t=zH3ZUwsZZVDH6ujtVtxTWw ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
28:17
June 20, 2022
Securing Guest Access to M365
Securing Guest Access to M365
This week, Adam and Andy talk about how to secure guest access and collaboration in Microsoft 365. They talk about the differences between member and guest users and how guest users are created. They also talk about best practices on how to secure access and collaborations in Sharepoint, Teams, and Azure AD. Finally, they end with talking about managing partner relationships and how that can impact access to an organization's tenant. ------------------------------------------- Youtube Video Link: https://youtu.be/PGjipcS6wiA ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/solutions/collaborate-with-people-outside-your-organization?view=o365-worldwide https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions#compare-member-and-guest-default-permissions https://docs.microsoft.com/en-US/microsoft-365/commerce/manage-partners?WT.mc_id=365AdminCSH_inproduct&view=o365-worldwide https://docs.microsoft.com/en-us/azure/lighthouse/overview ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
26:43
June 12, 2022
Windows Defender Exploit Guard
Windows Defender Exploit Guard
This week, Adam and Andy talk about Windows Defender Exploit Guard. This is a set of protections built into Windows Server and 10/11 operating systems that provide additional device hardening rules. This conversation was spawned by the current Follina vulnerability (CVE-2022-30190) where an Attack Surface Reduction (ASR) rule can prevent the attack from happening. ASR rules are part of Window Defender Exploit Guard. Dive in to learn all about it! ------------------------------------------- Youtube Video Link: https://youtu.be/ldFWF9GuMZY ------------------------------------------- Documentation: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/ https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/ https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
21:36
June 06, 2022
Patch Management
Patch Management
This week, Adam and Andy talk about patch management. This is basic security and some organizations are still struggling with it. They talk about the explosion of zero days and why continuous monitoring of patching is so important. They also go over some policy that you should review as well as why you should switch to Windows Update for Business. Finally, they go over a new feature called Windows Autopatch announced a few weeks ago. ------------------------------------------- Youtube Video Link: https://youtu.be/KM_2OrB1Wy8 ------------------------------------------- Documentation: https://www.mandiant.com/resources/zero-days-exploited-2021 https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-windows-update-policies-you-should-set-and-why/ba-p/3270914 https://www.anoopcnair.com/windows-update-for-business-wufb-using-intune/ https://docs.microsoft.com/en-us/windows/deployment/update/waas-configure-wufb https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
33:02
May 30, 2022
Domain Controller Security
Domain Controller Security
This week, Adam and Andy talk about some updated guidance for securing domain controllers in a world where the cloud is a security imperative. They also review some of the existing guidance and walk through the most important recommendations. ------------------------------------------- Youtube Video Link: https://youtu.be/AlJ1H7Ud4vc ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/updating-best-practices-for-domain-controllers/ba-p/3263043 https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
23:36
May 23, 2022
Cyber Threat Intelligence with Special Guest Charity Wright
Cyber Threat Intelligence with Special Guest Charity Wright
This week, Adam and Andy talk with threat intelligence expert Charity Wright. Charity talks about her military career and how she got selected as a Chinese linguist and worked with the NSA. Charity works for Recorded Future currently and she talks about how threat intelligence can help bolster your cybersecurity program and why it's important to start gathering intel whether it's an internal team, a vendor, or using open source intelligence (OSINT). ------------------------------------------- Youtube Video Link: https://youtu.be/zkAg_mBp7N4 ------------------------------------------- Documentation: Charity Wright Twitter: https://twitter.com/CharityW4CTI Linkedin: https://www.linkedin.com/in/cwillhoite/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
40:47
May 16, 2022
Andy was hacked!
Andy was hacked!
This week, Adam and Andy talk about passwordless news released on World Password Day and about how Andy was hacked...listen in to hear the details of what happened! ------------------------------------------- Youtube Video Link: https://youtu.be/Go6cb9pU6ng ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/expansion-of-fido-standard-and-new-updates-for-microsoft/ba-p/3290633 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
20:23
May 09, 2022
MFA Bombing
MFA Bombing
This week, Adam and Andy talk about MFA bombing. This tricky compromise circumvents MFA. Listen on what it is and how to protect against it. ------------------------------------------- Youtube Video Link: https://youtu.be/EFg-vw824PY ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
20:17
May 02, 2022
Interview with Special Guest Christina Morillo
Interview with Special Guest Christina Morillo
This week, Adam and Andy talk with Christina Morillo about identity, diversity in information security, and her book "97 Things Every Information Security Professional Should Know: Collective Wisdom from the Experts." We had so much fun talking and it was a great interview! ------------------------------------------- Documentation: Colors of Infosec: https://podcasts.apple.com/us/podcast/colors-of-infosec-podcast/id1531541552 Book: https://www.amazon.com/Things-Information-Security-Professional-Should/dp/1098101391 Christina on Twitter: https://twitter.com/divinetechygirl https://www.christinamorillo.com/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:19
April 25, 2022
VPNs vs SDPs
VPNs vs SDPs
Adam and Andy talk about VPN's versus Software Defined Perimeters (SDP) this week. They break down why companies still use VPN's and why they pose an infosec security risk. They present SDP's as a different way of thinking about how to access internal applications and some vendors in the space already. ------------------------------------------- Youtube Video Link: https://youtu.be/N8CxB84f50A ------------------------------------------- Documentation: https://www.blastwave.io/posts/house-of-cards-your-guide-to-getting-hacked-using-vpns https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy https://www.microsoft.com/security/blog/2020/01/23/microsoft-zscaler-help-organizations-implement-zero-trust-model/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
31:20
April 18, 2022
Okta Says Sorry, Fake Warrants, New PCI Reqs
Okta Says Sorry, Fake Warrants, New PCI Reqs
This week's episode, Adam and Andy talk about some interesting infosec news including Okta's apology and how that affected their stock prices. They also talk about the latest Apple zero days and an interesting tactic cybercriminals are using to get sensitive data out of organizations. Finally, they chat about the new PCI 4.0 standard and what's different from the current standard. ------------------------------------------- Youtube Video Link: https://youtu.be/Dja0bWaARQU ------------------------------------------- Documentation: https://www.bleepingcomputer.com/news/security/okta-we-made-a-mistake-delaying-the-lapsus-hack-disclosure/ https://krebsonsecurity.com/2022/03/fake-emergency-search-warrants-draw-scrutiny-from-capitol-hill/ https://www.darkreading.com/edge-articles/what-s-new-in-pci-dss-4-0-for-authentication-requirements ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
33:06
April 11, 2022
LAPSUS$
LAPSUS$
This week's episode, Adam and Andy talk about the hacker group LAPSUS$. They go over what makes this group unique in the cybercriminal world and a breakdown of the latest high value targets. ------------------------------------------- Youtube Video Link: https://youtu.be/w-7RPcOl8HE ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/ https://www.linkedin.com/pulse/open-letter-okta-amit-yoran/ https://sec.okta.com/articles/2022/03/official-okta-statement-lapsus-claims https://support.okta.com/help/s/article/Frequently-Asked-Questions-Regarding-January-2022-Compromise?language=en_US ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
41:14
April 04, 2022
Infosec News Catch Up
Infosec News Catch Up
This week's episode, Adam and Andy catch up on some infosec news including the new Cyber Incident Reporting Act signed into law last week and other reporting policies on the horizon. They also talk about CISA's advisory on misconfigured MFA and Russia's new root certificate. ------------------------------------------- Youtube Video Link: https://youtu.be/igcF6dLvq4E ------------------------------------------- Documentation: https://www.cisa.gov/uscert/ncas/alerts/aa22-074a https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/workbook-conditional-access-gap-analyzer https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-insights-reporting https://www.eff.org/deeplinks/2022/03/you-should-not-trust-russias-new-trusted-root-ca ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:08
March 28, 2022
Helpdesk Security
Helpdesk Security
This week's episode, Adam and Andy talk about helpdesk security. Enterprise helpdesks are often a popular target for cybercriminals because they have access to sensitive information and accounts. Listen in as they talk about things to think about when driving towards a zero trust model for helpdesk security. ------------------------------------------- Youtube Video Link: https://youtu.be/6WPDH9W8UOQ ------------------------------------------- Documentation: https://www.linkedin.com/pulse/password-tickets-consume-31-40-help-desks-time-roy-verberne/?articleId=6627845881985146880 https://specopssoft.com/product/secure-service-desk/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:51
March 21, 2022
War in the Digital Age
War in the Digital Age
This week's episode, Adam and Andy talk about the Russian invasion of Ukraine and the information war that is happening behind the scenes. They go over some specific takeaways on what to focus on in this heightened state of cybersecurity risk. ------------------------------------------- Youtube Video Link: https://youtu.be/a2452Yd0--g ------------------------------------------- Documentation: SANS Webcast: Russian Cyber Attack Escalation in Ukraine - What You Need To Know! https://www.youtube.com/watch?v=bZoHePqoBtM https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
31:34
March 14, 2022
Windows Hello for Business Revisited
Windows Hello for Business Revisited
This week's episode, Adam and Andy talk about the new cloud key trust deployment model for Windows Hello for Business in hybrid environments. Cloud key trust greatly simplifies the deployment of Windows Hello for Business by removing the requirement for any PKI infrastructure. If you've been waiting to try this passwordless solution to authenticate to Windows PC's, now is the time. There are benefits even if you are using Azure AD Joined devices. Listen in on how to get started today! ------------------------------------------- Youtube Video Link: https://youtu.be/9e7XyVWIPk8 ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication#hybrid-azure-ad-join-authentication-using-azure-ad-kerberos-cloud-trust-preview ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
26:12
March 07, 2022
Password Cracking
Password Cracking
This week's episode, Adam and Andy talk about the basics of password cracking. Understanding how passwords are cracked by offensive security and cybercriminals can help defenders scope and make better password policies. ------------------------------------------- Youtube Video Link: https://youtu.be/f2IniyS8Le4 ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
20:46
February 28, 2022
Geopolitical Crises and Cybersecurity
Geopolitical Crises and Cybersecurity
This week's episode, Adam and Andy talk about some of the geopolitical crises happening around the world with Russia and China and how that affects cybersecurity defenders. ------------------------------------------- Youtube Video Link: https://youtu.be/LATDlvH6h90 ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
23:13
February 21, 2022
Windows Defender Application Control
Windows Defender Application Control
This week's episode, Adam and Andy continue their Windows Security series and talk about Defender Application Control. This is a great feature built into Windows Enterprise that can help reduce the attack surface in many use cases. Listen in on how it works and how to test and implement it. ------------------------------------------- Youtube Video Link: https://youtu.be/A0LXCsIIFBM ------------------------------------------- Documentation: https://call4cloud.nl/2021/06/wdac-or-the-unexpected-virtue-of-ignorance/ https://webapp-wdac-wizard.azurewebsites.net/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
22:53
February 14, 2022
Tabletop Scenarios with Special Guests Nate Gardner and Gavin Ashton
Tabletop Scenarios with Special Guests Nate Gardner and Gavin Ashton
This week's episode, Adam and Andy have a great time chatting with fellow cybersecurity professionals Nate Gardner and Gavin Ashton walking through tabletop scenarios. This is something security defenders should do to test their incident response plan. ------------------------------------------- Youtube Video Link: https://youtu.be/kwxSCd40gWQ ------------------------------------------- Documentation: