Skip to main content
Blue Security

Blue Security

By Andy Jaw & Adam Brewer

A podcast for information security defenders (blue team) on best practices, tools, and implementation for enterprise security.
Listen on Spotify
Where to listen
Amazon Music Logo

Amazon Music

Apple Podcasts Logo

Apple Podcasts

Castbox Logo

Castbox

Google Podcasts Logo

Google Podcasts

Overcast Logo

Overcast

Pocket Casts Logo

Pocket Casts

RadioPublic Logo

RadioPublic

Spotify Logo

Spotify

Stitcher Logo

Stitcher

Currently playing episode

Kerberoasted

Blue Security

1x
DDoS Protection
DDoS Protection
On this week's episode, Adam and Andy talk about CISA's DDoS protection guidance. This follows the episode on Microsoft's Digital Defense Report where DDoS attacks and protections were also highlighting in the report. ------------------------------------------- YouTube Video Link: https://youtu.be/_9puZjc05H4 ------------------------------------------- Documentation: https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-ddos-attacks_508c.pdf https://www.cisa.gov/cisa-tabletop-exercise-packages https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bUvv?culture=en-us&country=us https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bcRe?culture=en-us&country=us ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
18:23
December 05, 2022
Microsoft's Digital Defense Report
Microsoft's Digital Defense Report
On this week's episode, Adam and Andy talk about Microsoft's Digital Defense Report. This report has a wealth of information on the state of cybersecurity, current trends, attack vectors, and defense suggestions for organizations. They break down some key points so listen in if you do not have time to read the entire report. ------------------------------------------- YouTube Video Link: https://youtu.be/CS5F8puZQXo ------------------------------------------- Documentation: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bUvv?culture=en-us&country=us https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bcRe?culture=en-us&country=us ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
38:37
November 28, 2022
How to Mastodon
How to Mastodon
On this week's episode, Adam is back and joined by Andy to talk about Mastodon. This decentralized social media platform has been around since 2016 and recently has been growing exponentially due to the Twitter migration. Critical mass has already happened for many communities including the infosec community so it is in our best interest to learn about it and learn how to use it. ------------------------------------------- Youtube Video Link: https://youtu.be/Rc40W8bcAs0 ------------------------------------------- Documentation: https://grahamcluley.com/mastodon-what-you-need-to-know-for-your-security-and-privacy/ https://www.hughrundle.net/home-invasion/ https://www.cyberscoop.com/twitter-dumpster-fire-infosectwitter/ ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:09
November 21, 2022
Patch Tuesday, Medibank Breach, Twitter Meltdown
Patch Tuesday, Medibank Breach, Twitter Meltdown
This week, friend of the pod, Shannon Fritz, fills in for Adam and he and Andy talk about the big update for Patch Tuesday, the Medibank double extortion incident, and the meltdown happening at Twitter. ------------------------------------------- Youtube Video Link: ------------------------------------------- Documentation: https://support.microsoft.com/en-us/topic/november-8-2022-kb5019980-os-build-22621-819-b503e08b-b850-469a-8de9-74df8aebd5f4 https://www.9news.com.au/technology/medibank-hack-suspected-cybercriminal-releases-sample-of-australian-customer-data/26aa6096-f730-4a8c-83a1-b0d3da6519d7 https://twitter.com/leakissner/status/1590706305102381058?s=46&t=b1TkB4mKrocmPYWcffWQtg https://www.theverge.com/2022/11/10/23451198/twitter-ftc-elon-musk-lawyer-changes-fine-warning https://www.technologyreview.com/2022/11/08/1062886/heres-how-a-twitter-engineer-says-it-will-break-in-the-coming-weeks/ https://www.technologyreview.com/2022/11/11/1063162/twitters-imminent-collapse-could-wipe-out-vast-records-of-recent-human-history/ ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:23
November 14, 2022
Old Phishing Tricks Are Still Working
Old Phishing Tricks Are Still Working
This week, Adam and Andy talk about the Dropbox and Twilio breach where old phishing tricks worked and attackers were able to get credentials. They also talk about CISA's new guidance on phish resistant MFA and Enhance Phishing Protection in Windows 11 22H2. ------------------------------------------- Youtube Video Link: https://youtu.be/06lGGC6GSJM ------------------------------------------- Documentation: https://dropbox.tech/security/a-recent-phishing-campaign-targeting-dropbox https://www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen?tabs=intune ------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
18:48
November 07, 2022
SOCRadar and Ignite 2022 highlights
SOCRadar and Ignite 2022 highlights
This week, Adam and Andy talk about the SOCRadar disclosure of a misconfigured Microsoft endpoint that led to a data privacy incident. They talk about what happened and what you should know as a Microsoft customer. They also go over some of the highlights from Ignite 2022 with new features and brands for endpoint management, identity, and security. ------------------------------------------- Youtube Video Link: https://youtu.be/mMlkJnpT9us ------------------------------------------- Documentation: https://msrc-blog.microsoft.com/2022/10/19/investigation-regarding-misconfigured-microsoft-storage-location-2/ https://news.microsoft.com/ignite-2022-book-of-news/ https://www.microsoft.com/security/blog/2022/10/12/5-cybersecurity-capabilities-announced-at-microsoft-ignite-2022-to-help-you-secure-more-with-less/ https://learn.microsoft.com/en-us/azure/active-directory/governance/what-are-lifecycle-workflows https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-strengths https://techcommunity.microsoft.com/t5/tech-community-live/microsoft-technical-takeoff-windows-and-microsoft-intune/ev-p/3632740 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
44:13
October 31, 2022
IBM Incident Responder Report
IBM Incident Responder Report
This week, Adam and Andy talk about IBM's Incident Responder Report. This report has some great empirical data on incident responder perceptions and how incidents impact mental health. Listen in as they discuss some of the key findings in this report. ------------------------------------------- Youtube Video Link: https://youtu.be/hhnxHMbvASw ------------------------------------------- Documentation: https://www.ibm.com/downloads/cas/XKOY5OLO ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:01
October 24, 2022
BYOD Zero-Trust Architecture
BYOD Zero-Trust Architecture
This week, Adam and Andy talk about how to look at BYOD policies in a Zero-Trust architecture. They go over a blueprint put out by Microsoft Middle East and Africa that's a little bit older but is a great reference for anyone looking for guidance. ------------------------------------------- Youtube Video Link: https://youtu.be/pze2b0Ix8QI ------------------------------------------- Documentation: https://www.microsoft.com/en-us/insidetrack/transitioning-to-modern-access-architecture-with-zero-trust https://news.microsoft.com/wp-content/uploads/prod/sites/133/2021/03/MEA-Blueprint-for-BYOD-Use-v1.0-Final-Version.pdf ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
30:40
October 17, 2022
MDE Tamper Protection
MDE Tamper Protection
This week, Adam and Andy talk about Microsoft Defender for Endpoint's Tamper Protection. This type of feature is also available on other endpoint protection solutions. They talk about what it is, what's changing soon, and why you should turn this on. ------------------------------------------- Youtube Video Link: https://youtu.be/ZhhlianhqgY ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478 https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-worldwide ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
14:09
October 10, 2022
Active Directory Security Tips
Active Directory Security Tips
This week, Adam and Andy talk about some tips on securing Active Directory. This was inspired by a session led by Trimarc Security at The Experts Conference. ------------------------------------------- Youtube Video Link: https://youtu.be/7HQZQh-UzmQ ------------------------------------------- Documentation: https://www.trimarcsecurity.com/ https://www.quest.com/the-experts-conference/ https://www.hub.trimarcsecurity.com/post/ten-ways-to-improve-ad-security-quickly ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
28:30
October 03, 2022
Kerberoasted
Kerberoasted
This week, Adam and Andy talk about kerberoasting: how it works and how to defend against it. Listen in on this unique attack technique! ------------------------------------------- Youtube Video Link: https://youtu.be/sr75jgscnkQ ------------------------------------------- Documentation: https://www.linkedin.com/posts/heathadams_i-got-domain-admin-on-an-internal-pentest-activity-6976047836693966848-e3AM https://twitter.com/_wald0/status/1562871258190348289?s=20&t=xcJOw353X-xDvHB52BKxiA ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
18:02
September 26, 2022
Microsoft Teams, Patreon, and Uber
Microsoft Teams, Patreon, and Uber
This week, Adam and Andy talk about Microsoft Teams and the post-exploit technique that was discovered by Vetra's Project Team and the decision of Patreon to lay off their entire internal information security team. The also talk about Uber's on-going cybersecurity incident including some initial reports of how it happened as well as mitigations to prevent this type of attack in the future. ------------------------------------------- Youtube Video Link: https://youtu.be/FWnEma4hOWQ ------------------------------------------- Documentation: https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens https://techcrunch.com/2022/09/09/patreon-security-layoffs/ https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-faqs ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:12
September 19, 2022
Cloudflare and Kiwi Farms
Cloudflare and Kiwi Farms
This week, Adam and Andy breakdown what led to Cloudflare dropping Kiwi Farms as a customer, why the media and Twitter were up-in-arms about the whole incident, and their thoughts about the decision. ------------------------------------------- Youtube Video Link: https://youtu.be/NrNe_n95Tfk ------------------------------------------- Documentation: https://blog.cloudflare.com/cloudflares-abuse-policies-and-approach/  https://blog.cloudflare.com/kiwifarms-blocked/  https://rasbora.dev/blog/I-ran-the-worlds-largest-ddos-for-hire-empire-and-cloudflare-helped ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
33:54
September 12, 2022
Cloud Security 101
Cloud Security 101
This week, Adam and Andy talk about cloud security. If you're looking to learn about cloud security concepts, this is the show for you. They talk about basic and advanced security as well as risk assessment and other things you should consider when designing and architecting your security in the cloud. ------------------------------------------- Youtube Video Link: https://youtu.be/1sc1R8iL3wc ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
43:18
September 05, 2022
Beyond E5, Rebranding, Public Previews in Microsoft Security
Beyond E5, Rebranding, Public Previews in Microsoft Security
This week, Adam and Andy pull together all the new product launches and rebranding for Microsoft Security over the last couple of months. Listen in to learn about Microsoft Entra, Defender Threat Intel, App Governance, and Threat Experts. ------------------------------------------- Youtube Video Link: https://youtu.be/PSm97tY4q1E ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/2022/05/31/secure-access-for-a-connected-worldmeet-microsoft-entra/ https://docs.microsoft.com/en-us/azure/active-directory/cloud-infrastructure-entitlement-management/overview https://docs.microsoft.com/en-us/azure/active-directory/verifiable-credentials/decentralized-identifier-overview https://docs.microsoft.com/en-us/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti https://docs.microsoft.com/en-us/azure/external-attack-surface-management/ https://www.microsoft.com/en-us/microsoft-365/blog/2022/04/05/ease-the-burden-of-managing-and-protecting-endpoints-with-microsoft-advanced-solutions/ https://docs.microsoft.com/en-us/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-threat-experts?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender/defender-experts-for-hunting?view=o365-worldwide ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:58
August 29, 2022
Quantum & Cryptography Follow-up, TikTok, and Janet Jackson
Quantum & Cryptography Follow-up, TikTok, and Janet Jackson
This week, Adam and Andy follow up on a few things from the post quantum cryptography episode talking about how one of the quantum resistant algorithms was broken and a lawsuit against the US government related to quantum encryption. They also chat about how TikTok may be storing information of US citizens on Chinese servers. Finally, they talk about how sound can be used as a cyber attack vector. ------------------------------------------- Youtube Video Link: https://youtu.be/CmcK2bwnqGo ------------------------------------------- Documentation: https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/ http://blog.cr.yp.to/20220805-nsa.html https://twitter.com/divinetechygirl/status/1560220472742232065?s=21&t=f3k3lt5ALc1VWGUNURu_bg https://www.neowin.net/news/janet-jackson-song-is-now-an-official-exploit-for-windows-pcs/?fs=e&s=cl https://www.zdnet.com/article/academics-steal-data-from-air-gapped-systems-using-pc-fan-vibrations/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
28:51
August 22, 2022
Post Quantum Series - Part 2 - Quantum Cryptography
Post Quantum Series - Part 2 - Quantum Cryptography
This week, Adam and Andy talk about post quantum cryptography this week. They go over why quantum computers are a threat to classical cryptography like public key encryption, quantum key distribution, and finally NIST's selection of quantum resistant cryptography. ------------------------------------------- Youtube Video Link: https://youtu.be/v8CVq09tnB4 ------------------------------------------- Documentation: https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/04/national-security-memorandum-on-promoting-united-states-leadership-in-quantum-computing-while-mitigating-risks-to-vulnerable-cryptographic-systems/ https://www.whitehouse.gov/briefing-room/statements-releases/2022/06/28/fact-sheet-the-united-states-continues-to-strengthen-cooperation-with-g7-on-21st-century-challenges-including-those-posed-by-the-peoples-republic-of-china-prc/ https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
24:59
August 15, 2022
Post Quantum Series - Part 1 - Quantum Computers
Post Quantum Series - Part 1 - Quantum Computers
This week, Adam and Andy start a two part series on post-quantum computer information security. This first part goes into understanding how quantum computers work and how they differ from classical computers. While it's not necessary to understand how quantum computers work to know the threat to information security they have, as technologist, it's always fun to expand our knowledge on these topics. We hope you learn as much as we did when we researched the topic for this episode! ------------------------------------------- Youtube Video Link: https://youtu.be/h8E2TL_UMQA ------------------------------------------- Documentation: https://www.ibm.com/quantum https://azure.microsoft.com/en-us/services/quantum/#overview https://quantumai.google/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
22:18
August 08, 2022
Exchange Online Protection Deep-Dive
Exchange Online Protection Deep-Dive
This week, Adam and Andy do a technical deep dive on Exchange Online Protection (EOP). They talk about the pre-delivery and post-delivery protections. They also talk about some of the zero-day protections that Defender for Office 365 provides similar to other competitors in the space and MX record vs API protection. ------------------------------------------- Youtube Video Link: https://youtu.be/-_pnAIR2Y48 ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/bc-p/3566717 https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/exchange-online-protection-overview?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/protection-stack-microsoft-defender-for-office365?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-worldwide ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
25:33
August 01, 2022
Personal and Organization Privacy
Personal and Organization Privacy
This week, Adam and Andy talk about privacy both in organizations and your personal life. They talk about some of the new Microsoft Purview Compliance Classifiers and how it might be an invasive for some orgs when implemented in the wrong way. They also talk about mobile device privacy in light of SCOTUS overturning Roe v Wade and how our data might be weaponized against us. Finally, they talk about some privacy tools that can help limit the telemetry to tech companies. ------------------------------------------- Youtube Video Link: https://youtu.be/o5k3gIMlPjs ------------------------------------------- Documentation: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=In%20development%2CPreview&searchterms=Purview%2Cclassifier https://www.whitehouse.gov/briefing-room/statements-releases/2022/07/08/fact-sheet-president-biden-to-sign-executive-order-protecting-access-to-reproductive-health-care-services/ https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/cell-phone-hipaa/index.html https://globalprivacycontrol.org/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
39:19
July 25, 2022
Microsoft Security News
Microsoft Security News
This week, Adam and Andy talk about some security news relating to Microsoft. First they talk about a phishing campaign that Microsoft detailed that was going on affecting more than 10,000 orgs where the attackers are able to bypass MFA. They also talk about Microsoft's decision to roll back disabling VBA macros by default. Finally, they talk about Microsoft's DART team and how they approach ransomware and incident response. ------------------------------------------- Youtube Video Link: https://youtu.be/FJnrBMgw89g ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/ https://jeffreyappel.nl/blocking-internet-macros-in-office-and-dont-wait-for-microsoft/ https://docs.microsoft.com/en-us/security/compass/incident-response-playbook-dart-ransomware-approach ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
31:35
July 18, 2022
Risk Management and Data Protection
Risk Management and Data Protection
This week, Adam and Andy talk about risk-centric security management and how to shift from looking at just severity of vulnerabilities to reducing risk to your organization. They also talk about how attackers are shifting to data stealing on top of ransomware so organizations need to add data protection to their security stack. ------------------------------------------- Youtube Video Link: https://youtu.be/0Ivazm8hijM ------------------------------------------- Documentation: https://www.darkreading.com/risk/shifting-the-cybersecurity-paradigm-from-severity-focused-to-risk-centric https://www.darkreading.com/attacks-breaches/study-reveals-traditional-data-security-tools-have-a-60-failure-rate-against-ransomware-and-extortion https://docs.microsoft.com/en-us/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
24:48
July 11, 2022
Basic Auth, Zero Days, & Burnout
Basic Auth, Zero Days, & Burnout
This week, Adam and Andy catch up some news in their first live show in a couple of weeks. First they talk about CISA's guidance to federal agencies to switch from basic auth to modern auth due to the retirement of basic auth on Oct 1, 2022. They also give the cumulative count of zero days for 2022 and some best practices for defense. Finally, they talk through the challenges of investing in people and the burnout felt community wide. ------------------------------------------- Youtube Video Link: https://youtu.be/XM-UwFajxHY ------------------------------------------- Documentation: https://www.cisa.gov/sites/default/files/publications/switch-to-modern-authentication-in-exchange-online-062822-508.pdf https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/workbook-legacy%20authentication ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
36:48
July 04, 2022
Secure Authentication to Azure VMs
Secure Authentication to Azure VMs
This week, Adam and Andy talk about different methods to modernize the way you authenticate to virtual machines located in Azure. The first is using Azure Active Directory and the second is using Azure Bastion. Listen in on how this will help you securely access your virtual machines. ------------------------------------------- Youtube Video Link: https://youtu.be/n25RmcPUI6M ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/manufacturing/secure-authentication-to-linux-servers-in-azure/ba-p/3484607 https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows https://docs.microsoft.com/en-us/azure/bastion/bastion-overview ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
15:05
June 27, 2022
Don't Phish Me, Bro
Don't Phish Me, Bro
This week, Adam and Andy talk about OMB procurement requirements changing due to increased cybersecurity defense, Gartner's thoughts on consolidated security platforms, and internal phishing campaigns. ------------------------------------------- Youtube Video Link: https://youtu.be/OZKS03pmk8M ------------------------------------------- Documentation: https://www.whitehouse.gov/omb/briefing-room/2022/03/07/omb-statement-on-enhancing-the-security-of-federally-procured-software/ https://www.gartner.com/doc/reprints?id=1-28F8N1LT&ct=211213&st=sb https://twitter.com/swiftonsecurity/status/1534762545524969473?s=21&t=zH3ZUwsZZVDH6ujtVtxTWw ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
28:17
June 20, 2022
Securing Guest Access to M365
Securing Guest Access to M365
This week, Adam and Andy talk about how to secure guest access and collaboration in Microsoft 365. They talk about the differences between member and guest users and how guest users are created. They also talk about best practices on how to secure access and collaborations in Sharepoint, Teams, and Azure AD. Finally, they end with talking about managing partner relationships and how that can impact access to an organization's tenant. ------------------------------------------- Youtube Video Link: https://youtu.be/PGjipcS6wiA ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/solutions/collaborate-with-people-outside-your-organization?view=o365-worldwide https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions#compare-member-and-guest-default-permissions https://docs.microsoft.com/en-US/microsoft-365/commerce/manage-partners?WT.mc_id=365AdminCSH_inproduct&view=o365-worldwide https://docs.microsoft.com/en-us/azure/lighthouse/overview ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
26:43
June 12, 2022
Windows Defender Exploit Guard
Windows Defender Exploit Guard
This week, Adam and Andy talk about Windows Defender Exploit Guard. This is a set of protections built into Windows Server and 10/11 operating systems that provide additional device hardening rules. This conversation was spawned by the current Follina vulnerability (CVE-2022-30190) where an Attack Surface Reduction (ASR) rule can prevent the attack from happening. ASR rules are part of Window Defender Exploit Guard. Dive in to learn all about it! ------------------------------------------- Youtube Video Link: https://youtu.be/ldFWF9GuMZY ------------------------------------------- Documentation: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/ https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/ https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
21:36
June 06, 2022
Patch Management
Patch Management
This week, Adam and Andy talk about patch management. This is basic security and some organizations are still struggling with it. They talk about the explosion of zero days and why continuous monitoring of patching is so important. They also go over some policy that you should review as well as why you should switch to Windows Update for Business. Finally, they go over a new feature called Windows Autopatch announced a few weeks ago. ------------------------------------------- Youtube Video Link: https://youtu.be/KM_2OrB1Wy8 ------------------------------------------- Documentation: https://www.mandiant.com/resources/zero-days-exploited-2021 https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-windows-update-policies-you-should-set-and-why/ba-p/3270914 https://www.anoopcnair.com/windows-update-for-business-wufb-using-intune/ https://docs.microsoft.com/en-us/windows/deployment/update/waas-configure-wufb https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
33:02
May 30, 2022
Domain Controller Security
Domain Controller Security
This week, Adam and Andy talk about some updated guidance for securing domain controllers in a world where the cloud is a security imperative. They also review some of the existing guidance and walk through the most important recommendations. ------------------------------------------- Youtube Video Link: https://youtu.be/AlJ1H7Ud4vc ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/updating-best-practices-for-domain-controllers/ba-p/3263043 https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
23:36
May 23, 2022
Cyber Threat Intelligence with Special Guest Charity Wright
Cyber Threat Intelligence with Special Guest Charity Wright
This week, Adam and Andy talk with threat intelligence expert Charity Wright. Charity talks about her military career and how she got selected as a Chinese linguist and worked with the NSA. Charity works for Recorded Future currently and she talks about how threat intelligence can help bolster your cybersecurity program and why it's important to start gathering intel whether it's an internal team, a vendor, or using open source intelligence (OSINT). ------------------------------------------- Youtube Video Link: https://youtu.be/zkAg_mBp7N4 ------------------------------------------- Documentation: Charity Wright Twitter: https://twitter.com/CharityW4CTI Linkedin: https://www.linkedin.com/in/cwillhoite/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
40:47
May 16, 2022
Andy was hacked!
Andy was hacked!
This week, Adam and Andy talk about passwordless news released on World Password Day and about how Andy was hacked...listen in to hear the details of what happened! ------------------------------------------- Youtube Video Link: https://youtu.be/Go6cb9pU6ng ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/expansion-of-fido-standard-and-new-updates-for-microsoft/ba-p/3290633 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
20:23
May 09, 2022
MFA Bombing
MFA Bombing
This week, Adam and Andy talk about MFA bombing. This tricky compromise circumvents MFA. Listen on what it is and how to protect against it. ------------------------------------------- Youtube Video Link: https://youtu.be/EFg-vw824PY ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
20:17
May 02, 2022
Interview with Special Guest Christina Morillo
Interview with Special Guest Christina Morillo
This week, Adam and Andy talk with Christina Morillo about identity, diversity in information security, and her book "97 Things Every Information Security Professional Should Know: Collective Wisdom from the Experts." We had so much fun talking and it was a great interview! ------------------------------------------- Documentation: Colors of Infosec: https://podcasts.apple.com/us/podcast/colors-of-infosec-podcast/id1531541552 Book: https://www.amazon.com/Things-Information-Security-Professional-Should/dp/1098101391 Christina on Twitter: https://twitter.com/divinetechygirl https://www.christinamorillo.com/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:19
April 25, 2022
VPNs vs SDPs
VPNs vs SDPs
Adam and Andy talk about VPN's versus Software Defined Perimeters (SDP) this week. They break down why companies still use VPN's and why they pose an infosec security risk. They present SDP's as a different way of thinking about how to access internal applications and some vendors in the space already. ------------------------------------------- Youtube Video Link: https://youtu.be/N8CxB84f50A ------------------------------------------- Documentation: https://www.blastwave.io/posts/house-of-cards-your-guide-to-getting-hacked-using-vpns https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy https://www.microsoft.com/security/blog/2020/01/23/microsoft-zscaler-help-organizations-implement-zero-trust-model/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
31:20
April 18, 2022
Okta Says Sorry, Fake Warrants, New PCI Reqs
Okta Says Sorry, Fake Warrants, New PCI Reqs
This week's episode, Adam and Andy talk about some interesting infosec news including Okta's apology and how that affected their stock prices. They also talk about the latest Apple zero days and an interesting tactic cybercriminals are using to get sensitive data out of organizations. Finally, they chat about the new PCI 4.0 standard and what's different from the current standard. ------------------------------------------- Youtube Video Link: https://youtu.be/Dja0bWaARQU ------------------------------------------- Documentation: https://www.bleepingcomputer.com/news/security/okta-we-made-a-mistake-delaying-the-lapsus-hack-disclosure/ https://krebsonsecurity.com/2022/03/fake-emergency-search-warrants-draw-scrutiny-from-capitol-hill/ https://www.darkreading.com/edge-articles/what-s-new-in-pci-dss-4-0-for-authentication-requirements ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
33:06
April 11, 2022
LAPSUS$
LAPSUS$
This week's episode, Adam and Andy talk about the hacker group LAPSUS$. They go over what makes this group unique in the cybercriminal world and a breakdown of the latest high value targets. ------------------------------------------- Youtube Video Link: https://youtu.be/w-7RPcOl8HE ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/ https://www.linkedin.com/pulse/open-letter-okta-amit-yoran/ https://sec.okta.com/articles/2022/03/official-okta-statement-lapsus-claims https://support.okta.com/help/s/article/Frequently-Asked-Questions-Regarding-January-2022-Compromise?language=en_US ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
41:14
April 04, 2022
Infosec News Catch Up
Infosec News Catch Up
This week's episode, Adam and Andy catch up on some infosec news including the new Cyber Incident Reporting Act signed into law last week and other reporting policies on the horizon. They also talk about CISA's advisory on misconfigured MFA and Russia's new root certificate. ------------------------------------------- Youtube Video Link: https://youtu.be/igcF6dLvq4E ------------------------------------------- Documentation: https://www.cisa.gov/uscert/ncas/alerts/aa22-074a https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/workbook-conditional-access-gap-analyzer https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-insights-reporting https://www.eff.org/deeplinks/2022/03/you-should-not-trust-russias-new-trusted-root-ca ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:08
March 28, 2022
Helpdesk Security
Helpdesk Security
This week's episode, Adam and Andy talk about helpdesk security. Enterprise helpdesks are often a popular target for cybercriminals because they have access to sensitive information and accounts. Listen in as they talk about things to think about when driving towards a zero trust model for helpdesk security. ------------------------------------------- Youtube Video Link: https://youtu.be/6WPDH9W8UOQ ------------------------------------------- Documentation: https://www.linkedin.com/pulse/password-tickets-consume-31-40-help-desks-time-roy-verberne/?articleId=6627845881985146880 https://specopssoft.com/product/secure-service-desk/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:51
March 21, 2022
War in the Digital Age
War in the Digital Age
This week's episode, Adam and Andy talk about the Russian invasion of Ukraine and the information war that is happening behind the scenes. They go over some specific takeaways on what to focus on in this heightened state of cybersecurity risk. ------------------------------------------- Youtube Video Link: https://youtu.be/a2452Yd0--g ------------------------------------------- Documentation: SANS Webcast: Russian Cyber Attack Escalation in Ukraine - What You Need To Know! https://www.youtube.com/watch?v=bZoHePqoBtM https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
31:34
March 14, 2022
Windows Hello for Business Revisited
Windows Hello for Business Revisited
This week's episode, Adam and Andy talk about the new cloud key trust deployment model for Windows Hello for Business in hybrid environments. Cloud key trust greatly simplifies the deployment of Windows Hello for Business by removing the requirement for any PKI infrastructure. If you've been waiting to try this passwordless solution to authenticate to Windows PC's, now is the time. There are benefits even if you are using Azure AD Joined devices. Listen in on how to get started today! ------------------------------------------- Youtube Video Link: https://youtu.be/9e7XyVWIPk8 ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication#hybrid-azure-ad-join-authentication-using-azure-ad-kerberos-cloud-trust-preview ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
26:12
March 07, 2022
Password Cracking
Password Cracking
This week's episode, Adam and Andy talk about the basics of password cracking. Understanding how passwords are cracked by offensive security and cybercriminals can help defenders scope and make better password policies. ------------------------------------------- Youtube Video Link: https://youtu.be/f2IniyS8Le4 ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
20:46
February 28, 2022
Geopolitical Crises and Cybersecurity
Geopolitical Crises and Cybersecurity
This week's episode, Adam and Andy talk about some of the geopolitical crises happening around the world with Russia and China and how that affects cybersecurity defenders. ------------------------------------------- Youtube Video Link: https://youtu.be/LATDlvH6h90 ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
23:13
February 21, 2022
Windows Defender Application Control
Windows Defender Application Control
This week's episode, Adam and Andy continue their Windows Security series and talk about Defender Application Control. This is a great feature built into Windows Enterprise that can help reduce the attack surface in many use cases. Listen in on how it works and how to test and implement it. ------------------------------------------- Youtube Video Link: https://youtu.be/A0LXCsIIFBM ------------------------------------------- Documentation: https://call4cloud.nl/2021/06/wdac-or-the-unexpected-virtue-of-ignorance/ https://webapp-wdac-wizard.azurewebsites.net/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
22:53
February 14, 2022
Tabletop Scenarios with Special Guests Nate Gardner and Gavin Ashton
Tabletop Scenarios with Special Guests Nate Gardner and Gavin Ashton
This week's episode, Adam and Andy have a great time chatting with fellow cybersecurity professionals Nate Gardner and Gavin Ashton walking through tabletop scenarios. This is something security defenders should do to test their incident response plan. ------------------------------------------- Youtube Video Link: https://youtu.be/kwxSCd40gWQ ------------------------------------------- Documentation: Nate Gardner: https://www.linkedin.com/in/nate-gardner-infosec/ Gavin Ashton:  https://twitter.com/gvnshtn https://www.linkedin.com/in/gvnshtn/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
47:00
February 07, 2022
News Smash
News Smash
This week's episode, Adam and Andy talk catch up on some infosec news including BadUSB, President Biden's memorandum for National Security Systems, iOS/MacOS vulnerablities, and new hardware with Microsoft's Pluton Security Processor. ------------------------------------------- Youtube Video Link: https://youtu.be/yQebJcb2j3E ------------------------------------------- Documentation: https://www.darkreading.com/vulnerabilities-threats/more-security-flaws-found-in-apple-s-OS-technologies https://www.whitehouse.gov/briefing-room/presidential-actions/2022/01/19/memorandum-on-improving-the-cybersecurity-of-national-security-department-of-defense-and-intelligence-community-systems/ https://www.csoonline.com/article/3647173/badusb-explained-how-rogue-usbs-threaten-your-organization.html#tk.rss_all https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-excel-40-macros-by-default-to-block-malware/ https://www.csoonline.com/article/3647170/microsofts-pluton-security-processor-tackles-hardware-firmware-vulnerabilities.html#tk.rss_all ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
33:45
January 31, 2022
Windows Device Management with Special Guest Shannon Fritz
Windows Device Management with Special Guest Shannon Fritz
This week's episode, Adam and Andy talk with special guest Shannon Fritz on Windows Device Management. If you haven't listened to Shannon's episode on Device Identity, we encourage you to listen to it! Following up the conversation on device identity, Shannon talks all about managing devices using co-management and how device identity is related to management but mainly where the device lives does not affect how it is managed. Listen in on what it means to co-manage your Windows devices! ------------------------------------------- Youtube Video Link: https://youtu.be/LtkPvqLvG9Y ------------------------------------------- Documentation: Windows 10 Device Management vs Device Identity https://mrshannon.wordpress.com/2020/06/24/windows-10-device-management-vs-device-identity/ https://anchor.fm/blue-security-podcast/episodes/Say-Goodbye-to-Domain-Join-with-Special-Guest-Shannon-Fritz-erudur Shannon Fritz: https://twitter.com/mrshannonfritz ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
59:06
January 24, 2022
F12 and Find Out
F12 and Find Out
This week's episode, Adam and Andy talk about the importance of the nomenclature we use in information security. They also talk about the perception of information security to those who are not in the field and how that can affect safety when it comes to red teaming. ------------------------------------------- Youtube Video Link: https://youtu.be/nMQC5D_P4qY ------------------------------------------- Documentation: https://techcrunch.com/2021/10/15/f12-isnt-hacking-missouri-governor-threatens-to-prosecute-local-journalist-for-finding-exposed-state-data/ https://boingboing.net/2021/12/30/reporter-likely-to-be-charged-for-using-view-source-feature-on-web-browser.html https://arstechnica.com/information-technology/2019/09/iowa-officials-claim-confusion-over-scope-led-to-arrest-of-pen-testers/ https://abcnews.go.com/US/wireStory/charges-dropped-men-broke-iowa-courthouses-68651855 https://www.darkreading.com/edge-articles/why-red-teaming-while-black-can-be-risky ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
23:22
January 17, 2022
Digital Asset Management
Digital Asset Management
This week's episode, Adam and Andy talk about a fundamental important program for security defenders: asset management. It may not be the most exciting aspect of security but knowing what you have makes it a lot easier to protect and response to attacks. ------------------------------------------- Youtube Video Link: https://youtu.be/Kui8x_lCYOk ------------------------------------------- Documentation: https://danielmiessler.com/blog/continuous-asset-management-security/ https://www.darkreading.com/vulnerabilities-threats/log4j-reveals-cybersecurity-s-dirty-little-secret ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
24:33
January 10, 2022
A look back on 2021
A look back on 2021
This week's episode, Adam and Andy give an update on Log4j/Log4Shell insights from the Google Security Team. They also look back on some of the vulnerabilities and cyberattacks from 2021 and discuss what's to come in 2022 for defenders. ------------------------------------------- Youtube Video Link: https://youtu.be/3XLwP8GFS3M ------------------------------------------- Documentation: https://security.googleblog.com/ https://www.av-comparatives.org/tests/business-security-test-2021-august-november/#management-summary https://news.microsoft.com/on-the-issues/tools-and-weapons/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
30:29
January 03, 2022
Work Life Balance
Work Life Balance
This week's episode, Adam and Andy talk all about a healthy work life balance. With the pandemic still on-going and working from home or hybrid work environments looking like they are not going away, it's time to re-evaluate your boundaries and enforce them. Listen on what's worked for Adam and Andy as they put their mental health ahead of the hustle culture. ------------------------------------------- Youtube Video Link: https://youtu.be/lK147aYqt4k ------------------------------------------- Documentation: https://hbr.org/2021/12/hybrid-tanked-work-life-balance-heres-how-microsoft-is-trying-to-fix-it ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
37:52
December 27, 2021
Threat and Vulnerability Management
Threat and Vulnerability Management
This week, Adam and Andy talk all about how to start and run a threat  and vulnerability program at your company. From asset management,  scanning, remediation, and validation, they go over what is involved and how to orchestrate the effort cross-function to avoid down time. A TVM program is a key pillar of your defense so if you do not have one or want to improve your current one, listen in! ------------------------------------------- Youtube Video Link: https://youtu.be/qTvtvfY3CaQ ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-devices?view=o365-worldwide https://www.tenable.com/products/nessus https://www.qualys.com/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:44
December 20, 2021
Log4Shell
Log4Shell
This week, Adam and Andy talk all about the Log4Shell vulnerability affecting the log4j Java library. They give an overview on how it works and how you as a security defender can secure your environment against it. ------------------------------------------- Youtube Video Link: https://youtu.be/D9KBcIHOQzI ------------------------------------------- Documentation: https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592 https://github.com/Neo23x0/log4shell-detector https://twitter.com/shehackspurple/status/1469742868952584194 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:15
December 13, 2021
Security Champions
Security Champions
This week, Adam and Andy talk about a security champions program. This is a way to bolster the security culture and develop representatives in each business group to understand security initiatives and evangelize them for you at your company. It's also a way to have a inner ring of testers and even possible a talent pipeline. There's a lot to discuss so listen in! ------------------------------------------- Youtube Video Link: https://youtu.be/sbnppJR-eMo ------------------------------------------- Documentation: https://www.darkreading.com/careers-and-people/how-to-implement-a-security-champions-program ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
21:22
December 06, 2021
Things are getting better
Things are getting better
This week, Adam and Andy talk about how they see things improving in the cybersecurity industry from the Department of Justice and the US government investigating and hunting down cyber criminals and sanctioning the NSO group to bug bounties increasing and new regulations. ------------------------------------------- Youtube Video Link: https://youtu.be/Jr-prV9DEUg ------------------------------------------- Documentation: https://www.theverge.com/2021/11/8/22770701/revil-ransomware-arrest-kaseya-crypto-europol-cybersecurity https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/ https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/fact-sheet-biden-administration-announces-further-actions-to-protect-u-s-critical-infrastructure/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
32:53
November 29, 2021
Zero Trust, Amazon Security, and other news
Zero Trust, Amazon Security, and other news
This week, Adam and Andy talk about some recent infosec news, a shocking article about Amazon's lack of security, and what zero trust means to them. ------------------------------------------- Youtube Video Link: https://youtu.be/Lzf-eYy7PTg ------------------------------------------- Documentation: https://www.wired.com/story/amazon-failed-to-protect-your-data-investigation/ http://us-cert.cisa.gov/ncas/current-activity/2021/02/26/nsa-releases-guidance-zero-trust-security-model https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWJJdT ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:04
November 22, 2021
Ignite 2021 Fall Highlights
Ignite 2021 Fall Highlights
This week, Adam and Andy go over some of the endpoint, Windows, and security announcements from Ignite. If you were too busy to watch any of the sessions or read about the updates, listen in as they give the highlights from the conference. ------------------------------------------- Youtube Video Link: https://youtu.be/GClAGTkzPmc ------------------------------------------- Documentation: https://news.microsoft.com/ignite-november-2021-book-of-news/ https://myignite.microsoft.com/home https://news.microsoft.com/november-2021-ignite/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
35:57
November 15, 2021
Cybersecurity Talent Gap
Cybersecurity Talent Gap
This week, Adam and Andy talk about the cybersecurity talent gap. They give advice to those who are trying to break into the field as well as hiring managers on changing the way they look at recruiting to widen the talent pipeline. They also talk about how gatekeepers are toxic to the industry. ------------------------------------------- Youtube Video Link: https://youtu.be/Iac0YlqiIx4 ------------------------------------------- Documentation: https://cybersecurity.att.com/blogs/security-essentials/theres-no-such-thing-as-an-entry-level-job-in-cybersecurity https://danielmiessler.com/blog/day-1-skills-required-to-land-an-entry-level-cybersecurity-job/ https://www.cyberseek.org/pathway.html https://twitter.com/FrankMcG/status/1455380836858089477?s=20 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
39:42
November 08, 2021
Microsoft Digital Defense Report, Consumer Expectations, and Gartner
Microsoft Digital Defense Report, Consumer Expectations, and Gartner
This week, Adam and Andy talk about Microsoft's Digital Defense Report,  consumer expectations of "invisible" security, and should you rip out an  information security tool just because it's not on the Gartner Magic Quadrant. ------------------------------------------- Youtube Video Link: https://youtu.be/YXe79Uli1ow ------------------------------------------- Documentation: https://blogs.microsoft.com/on-the-issues/2021/10/07/digital-defense-report-2021/ https://www.darkreading.com/operations/how-to-adapt-to-rising-consumer-expectations-of-invisible-security/a/d-id/1340989?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple https://twitter.com/snorkel42/status/1450492940938321921?s=21 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
39:25
November 01, 2021
Windows 365 with Special Guest Bradley Dupay
Windows 365 with Special Guest Bradley Dupay
This week, Adam and Andy talk with Microsoft's Global Black Belt Specialist, Bradley Dupay, about the all new cloud PC offering called Windows 365. They go over how VDI has evolved over the years, the implementation details, use cases, and importance to security defenders. This was an amazing conversation! Listen in on how you can modernize your virtualized desktops for a secure hybrid workplace. ------------------------------------------- Youtube Video Link: https://youtu.be/PVo7_b9BJWg ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/windows-365/overview https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129 Bradley Dupay Linkedin: https://www.linkedin.com/in/bdupay/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
52:51
October 25, 2021
Facebook Outage Learnings and Windows 11 security
Facebook Outage Learnings and Windows 11 security
This week on the Blue Security Podcast, Adam and Andy talk about the Facebook outage and what security defenders can learn from reading their after actions report. They also dive into Windows 11 and the security features that make it the most secure version of Windows yet. ------------------------------------------- Youtube Video Link: https://youtu.be/DdGeRMkZVOM ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/?p=93810 https://www.microsoft.com/security/blog/2019/10/21/microsoft-and-partners-design-new-device-security-requirements-to-protect-against-targeted-firmware-attacks/ https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/ https://www.youtube.com/watch?v=tg9QUrnVFho ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:02
October 18, 2021
You are going to be a victim of ransomware
You are going to be a victim of ransomware
This week on the Blue Security Podcast, Adam and Andy talk about planning to be a victim of ransomware. This is a mindset shift. Instead of focusing on prevention, cybersecurity defenders should plan and practice how to mitigate the damage against a ransomware attack. ------------------------------------------- Youtube Video Link: https://youtu.be/MOq2KhhCjAI ------------------------------------------- Documentation: https://www.darkreading.com/vulnerabilities-threats/you-re-going-to-be-the-victim-of-a-ransomware-attack ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
21:17
October 11, 2021
TPM design limitations and Apple-Google app store actions
TPM design limitations and Apple-Google app store actions
This week on the Blue Security Podcast, Adam and Andy talk about two interesting topics. The first is a pentesting company's successful hack Bitlocker using a TPM limitation. They talk about why this is complicated and the mitigations for it. They also talk about Apple and Google's decision to pull a voting app from the store in Russia a day before the parliamentary elections and the effect it has on democracy. ------------------------------------------- Youtube Video Link: https://youtu.be/-GNLKWTtxTI ------------------------------------------- Documentation: https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network https://explainxkcd.com/wiki/index.php/538:_Security https://gizmodo.com/apple-and-google-pull-opposition-app-from-russian-store-1847695238 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
27:46
October 04, 2021
 Protonmail kerfuffle
Protonmail kerfuffle
This week on the Blue Security Podcast, Adam and Andy talk about the hot water Protonmail got themselves into when the news reported that they  provided IP address and device information on a Protonmail account to the Swiss government. It's a great discussion on privacy vs security and laws that companies have to abide by. ------------------------------------------- Youtube Video Link: https://youtu.be/ZMcUKQstqsA ------------------------------------------- Documentation: https://thehackernews.com/2021/09/protonmail-shares-activists-ip-address.html https://protonmail.com/blog/climate-activist-arrest/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
17:17
September 27, 2021
Misconceptions about MDM
Misconceptions about MDM
This week on the Blue Security Podcast, Adam and Andy go over a bunch of misconceptions about mobile device management spurred by some chatter on Twitter. Should you enroll your personal device with your company's management solution? Listen in as Adam and Andy go over what is technical possible or not possible with MDM solutions. ------------------------------------------- Youtube Video Link: https://youtu.be/RblAsBTYV9s ------------------------------------------- Documentation: https://twitter.com/decryptlyfe/status/1428739410338598913?s=20 https://twitter.com/ashleygjovik/status/1428495420917837826?s=20 https://twitter.com/cherthedev/status/1428808057643966468?s=20 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
43:03
September 20, 2021
One year anniversary!
One year anniversary!
This week on the Blue Security Podcast, Adam and Andy celebrate one year of the podcast looking back on past episodes and key takeaways. ------------------------------------------- Youtube Video Link: https://youtu.be/6iBtzPzsFM4 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
31:08
September 13, 2021
Apple's Protections for Children
Apple's Protections for Children
This week on the Blue Security Podcast, Adam and Andy talk about Apple's new proposed iOS 15 feature to protect childr