Coffee Talk with SURGe
Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news and Mick and Ryan will compete in a 60 second charity challenge. You don’t want to miss it!
Episodes
Wednesday Jun 14, 2023
Coffee Talk with SURGe: the Interview Series featuring Sydney Howard
Join Audra Streetman and special guest Sydney Howard, Principal Threat Hunter at Splunk, for an interview about her career journey, why she thinks purple teaming is so important, and her approach to threat hunting.
Links:
- Introducing the PEAK Threat Hunting Framework
- Hypothesis-Driven Hunting with the PEAK Framework
- Model-Assisted Threat Hunting (M-ATH) with the PEAK Framework
- SCYTHE Purple Team Exercise Framework
Wednesday Jun 14, 2023
Grab a cup of coffee and join Mick Baccio and Audra Streetman for another episode of Coffee Talk with SURGe. You can watch the livestream of this episode here.
The team from Splunk will discuss the latest security news, including:
- Software engineer publicly discloses Telegram vulnerability
- Dallas says it 'will likely take weeks to get back to full functionality' after ransomware attack
- Hackers attempt to extort Dragos and its executives in suspected ransomware attempt
- Joint advisory on Hunting Russian Intelligence “Snake” Malware
Mick and Audra also shared their stance on AI regulation as part of this week's 60 second charity challenge, with proceeds benefitting the Save Elephant Foundation.
Wednesday Jun 14, 2023
Coffee Talk with SURGe: the Interview Series featuring DomainTools
Join David Bianco and special guest Aaron Gee-Clough, Senior Data Engineer at DomainTools, for an interview about their collaboration on a research project evaluating the trustworthiness of certificate authorities (CAs) by analyzing five billion TLS certificates using Splunk.
Watch the livestream of this episode here.
Listen to the talk at RSA Conference 2023
RSA slides
DomainTools 2021 report
Wednesday Jun 14, 2023
Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. You can watch the livestream of this episode here.
The team from Splunk will discuss the latest security news, including:
- The DOJ Detected the SolarWinds Hack 6 Months Earlier Than First Disclosed
- US Marshals Service still recovering from February ransomware attack affecting system used by fugitive hunters
- Industrial security vendors partner to share intelligence about critical infrastructure threats
Ryan and Mick competed in a charity challenge to discuss the impact of splintering social media platforms for keeping track of security news and opinions. The trio also recapped the highlights from RSA Conference.
Wednesday Jun 14, 2023
Coffee Talk with SURGe: 2023-APR-25 The Interview Series live from RSA Conference
Grab a cup of coffee and join Mick Baccio and special guests Juan Andres Guerrero-Saade and Jon DiMaggio for another episode of Coffee Talk with SURGe, live from RSA Conference in San Francisco. Guerrero-Saade and DiMaggio are both contributing authors for Bluenomicon, a new book by SURGe that features stories and advice from security leaders and practitioners. You don't want to miss it!
You can watch the livestream of this episode here.
Wednesday Jun 14, 2023
Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. You can watch the livestream of this episode here.
The team from Splunk will discuss the latest security news, including:
- Citizen Lab releases report on NSO Group's new zero-click exploit chains
- LockBit ransomware encryptors found targeting Mac devices
- Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not.
Mick and Ryan competed in a 60 second charity challenge about how generative artificial intelligence could be used in cyber threat intelligence, with proceeds benefiting the ACLU.
The trio also discussed Microsoft's new threat actor naming taxonomy and the role of attribution in cyber threat intelligence.
Wednesday Jun 14, 2023
Coffee Talk with SURGe: The Interview Series featuring Michael Haag
Join Coffee Talk with SURGe for our bi-weekly interview series. This week, Audra Streetman interviews Michael Haag, Senior Threat Researcher at Splunk. They'll discuss his YouTube show, Atomics on a Friday, along with the Living off the Land Drivers project, which aims to consolidate vulnerable and malicious drivers into a centralized location.
Links:
Episode livestream
Splunk Threat Research Team
Splunk blog about certificate abuse
Splunk blog about IIS Modules
Splunk content on Windows drivers
LOLDrivers Project
Form to submit drivers
Atomic Red Team
SANS Talk about Windows driver rootkits
Atomics on a Friday
Follow Michael on Twitter
Wednesday Jun 14, 2023
Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. You can watch the episode livestream here.
The team from Splunk will discuss the latest security news, including:
- The Splunk Threat Research Team releases a blog with insights into the 3CX supply chain compromise
- Medical device manufacturers in the US must soon provide SBOMs
- Italy's data protection agency temporarily bans ChatGPT
Audra and Mick competed in a 60 second charity challenge on whether or not they see artificial intelligence reaching singularity, with proceeds benefiting DataEthics4All. The trio wrapped up with a deep dive into the RESTRICT Act and proposed TikTok ban in the United States.
Wednesday Jun 14, 2023
Coffee Talk with SURGe: The Interview Series featuring Allan Liska
Join Coffee Talk with SURGe for our bi-weekly interview series. This week, SURGe member Shannon Davis interviews Allan Liska, threat intelligence analyst at Recorded Future and author of Ransomware: Understand. Prevent. Recover. They'll talk about the threat of ransomware, including recent trends, the impact of hack-back operations, and how organizations can become more resilient against attacks.
Links:
Watch the episode livestream
Follow Allan on Twitter
Learn more about Allan's book
Wednesday Jun 14, 2023
Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. You can watch the episode livestream here.
The team from Splunk will discuss the latest security news, including:
- Oakland could be dealing with a second ransomware attack in two months
- Notorious hacking forum shuts down after administrator gets arrested
- Google Pixel flaw allowed recovery of redacted, cropped images
Mick and Ryan shared their takes on responding to 0day vulnerabilities and the trio also discussed GPT-4 and the future of generative AI.