Episodios

  • How Microsoft Stays Ahead of the World’s Most Dangerous Hackers

    How Microsoft Stays Ahead of the World’s Most Dangerous Hackers
    Aug 7 2025
    In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Aarti Borkar, Simeon Kakpovi, and Andrew Rapp for a behind-the-scenes look at how Microsoft Threat Intelligence and Microsoft Incident Response teams collaborate as part of a closed-loop system, the emotional toll of breaches, and how organizations of any size can build resilience through preparation and psychological safety. By listening to this segment, you’ll get a preview of what this group brought to the main stage of Black Hat this year. Later, Sherrod chats with Snow, co-founder of the Social Engineering Community Village at DEF CON, about her journey from special effects makeup to elite social engineer, and how empathy, creativity, and even a ladder can be powerful tools in physical security testing. In this episode you’ll learn: How Microsoft’s Digital Crimes Unit uses legal tactics to disrupt threat actors Why rehearsing your incident response plan can save weeks of recovery time How AI is being trained to make social engineering phone calls on its own Some questions we ask: How would you describe the overall health of the global cybersecurity landscape? Why does tailoring AI prompts sometimes feel like social engineering? What is the feedback loop between incident response, intelligence, and product protections? Resources: View Aarti Borkar on LinkedIn View Simeon Kakpovi on LinkedIn View Andrew Rapp on LinkedIn View Sherrod DeGrippo on LinkedIn Microsoft at Black Hat USA 2025 Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
    Más Menos
    1 h y 18 m
  • Inside Microsoft’s Global Operation to Disrupt Lumma Stealer’s 2,300-Domain Malware Network

    Inside Microsoft’s Global Operation to Disrupt Lumma Stealer’s 2,300-Domain Malware Network
    Jul 23 2025
    In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Richard Boscovich and Derek Richardson from Microsoft’s Digital Crimes Unit to unpack the global takedown of Lumma Stealer, one of the world’s largest infostealer malware operations. They discuss how creative legal tools like RICO and centuries-old trespass laws, deep collaboration with global partners, and innovative technical strategies came together to seize 2,300 domains and protect nearly 400,000 victims. The episode explores how the DCU is shifting toward persistent, cost-imposing disruption of cybercrime as a service, and what this means for defenders everywhere. In this episode you’ll learn: How Microsoft took down one of the world’s largest infostealer malware operations The global partnerships with Europol, Japan, and private companies in cyber takedowns What happens to stolen victim data during a takedown operation Some questions we ask: How did you first identify Lumma as a high-priority threat? Is persistent disruption now the new normal for DCU operations? Do you see more operations like this coming from DCU in the future? Resources: View Richard Boscovich on LinkedIn View Sherrod DeGrippo on LinkedIn Disrupting Lumma Stealer: Microsoft Leads Global Action Against Favored Cybercrime Tool Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
    Más Menos
    45 m
  • Tips from Grifter and Lintile for Attending Hacker Summer Camp

    Tips from Grifter and Lintile for Attending Hacker Summer Camp
    Jul 9 2025
    In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Grifter, the legendary Black Hat NOC lead, and Lintile, host of Hacker Jeopardy, to go behind the scenes of DEF CON and Black Hat. They unpack the chaos of managing the world’s most hostile networks, share advice for first-time attendees, and explore the vibrant hacker community that thrives on connection, contests, and lifelong friendships. The conversation also covers how to submit compelling CFP abstracts, why live events matter, and the controlled mayhem that defines Hacker Jeopardy each year in Las Vegas. Heading to Black Hat? Join us at booth #2246 where we will be recording new episodes, and request to attend the VIP Mixer. We’ll also be hosting the BlueHat podcast, our friends from GitHub, and experts from our incident response team. In this episode you’ll learn: Why skipping talks at DEF CON to join contests and villages can be more valuable Tips for crafting compelling CFP abstracts that stand out among 1,000+ submissions The importance of connection and niche technical discussions in the hacker community Some questions we ask: What advice would you give to someone who has never been to DEF CON? How does the team plan traps and misdirection in Hacker Jeopardy questions? What do you think the community should focus on getting out of DEF CON? Resources: View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
    Más Menos
    1 h y 33 m
  • The Art and Science of Microsoft’s Red Team

    The Art and Science of Microsoft’s Red Team
    Jun 25 2025
    In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Craig Nelson, who leads the elite Microsoft Red Team. Together, they dive into the art and impact of red teaming at Microsoft: what it means to simulate real-world attacks, how threat intelligence informs operations, and why collaboration between red and blue teams is crucial for organizational resilience. Craig shares the surprising mission that blurred the lines between physical and cyber security, reflects on how AI is reshaping attacker tactics and defensive strategies, and offers advice for aspiring red teamers. From stories of early hacker days in the ’90s to navigating the complexities of securing cloud and AI systems, this conversation is packed with insights on how Microsoft stays ahead of evolving threats. In this episode you’ll learn: The role of human behavior in real-world security breaches How Microsoft’s Secure Future Initiative impacts security culture What the Microsoft Red Team does and what it doesn’t do Some questions we ask: How do you feel about getting caught during a red team operation? What do you wish people paid more attention to in red team findings? Is this new AI complexity good or bad for red teaming? Resources: View Craig Nelson on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
    Más Menos
    41 m
  • A Peek Inside Microsoft’s Global Fight Against Cyber Threats

    A Peek Inside Microsoft’s Global Fight Against Cyber Threats
    Jun 11 2025
    Recorded live at RSAC 2025, this special episode of the Microsoft Threat Intelligence Podcast, hosted by Sherrod DeGrippo, brings together Jeremy Dallman from the Microsoft Threat Intelligence and Steven Masada from Microsoft’s Digital Crimes Unit. The panel explores the psychology and techniques behind nation-state and criminal cyber actors, how Microsoft innovatively uses legal and technical disruption to dismantle threats like Cobalt Strike and Storm-2139, and the growing trend of adversaries leveraging AI. From North Korean fake job interviews to China's critical infrastructure infiltration, this episode highlights how Microsoft is staying ahead of the curve—and sometimes even rewriting the playbook. In this episode you’ll learn: How targeting attacker techniques is more effective than chasing specific actors The surprising ways threat actors use AI—for productivity, not just deepfakes Why North Korean threat actors are building full-blown video games to drop malware Some questions we ask: What’s the role of Microsoft’s Digital Crimes Unit and how is it unique in the industry? Why should cybersecurity professionals read legal indictments? What impact did Microsoft’s legal actions have on tools like Cobalt Strike and Quakbot? Resources: View Jeremy Dallman on LinkedIn View Steven Masada on LinkedIn View Sherrod DeGrippo on LinkedIn Bold action against fraud: Disrupting Storm-1152 Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
    Más Menos
    46 m
  • Call of the Cyber Duty (A Global Cyber Challenge)

    Call of the Cyber Duty (A Global Cyber Challenge)
    May 28 2025
    In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Henning Rauch, to discuss Call of the Cyber Duty is a 42-hour global cybersecurity challenge hosted by Microsoft’s Kusto Detective Agency. The competition runs from 12:00 AM Coordinated Universal Time (UTC) on June 8, 2025, and ends at 12:00 AM UTC on June 18, 2025, at 10:00AM UTC. Once a team member opens the first case, they have 42 hours to complete it.Participants will solve a series of investigative puzzles using Kusto Query Language (KQL) — no prior Kusto experience required. This free, gamified threat-hunting experience is open to individuals and teams, with a $10,000 grand prize, an interactive mystery plot, and a Hall of Fame for the top solvers. Expect fun twists, real-world security skills, and even a surprise appearance by mentalist Lior Suchard or the illusive Professor Smoke! Later in the episode, Sherrod is joined by security researchers Anna Seitz and Rebecca Light to explore two evolving cyber threats. Anna breaks down the unprecedented collaboration between Russian state-affiliated threat actors Aqua Blizzard and Secret Blizzard, who are combining efforts to target Ukrainian military systems. Rebecca dives into the resurgence of DarkGate malware—this time delivered through a deceptive technique called ClickFix, which uses fake CAPTCHA-like prompts to trick users into activating malicious payloads. In this episode you’ll learn: What Kauzar V2 malware is and how it enables long-term remote access and data theft How Russian threat groups Aqua Blizzard and Secret Blizzard are collaborating Why DarkGate malware remains relevant thanks to its adaptability and evasion tactics Some questions we ask: Are Russian threat actors adopting cybercriminal tactics like initial access brokers? How does Kauzar V2 malware function, and why is it significant in this campaign? What is ClickFix, and how does it differ from typical malware delivery methods? Resources: View Henning Rauch on LinkedIn View Rebecca Light on LinkedIn View Anna Seitz on LinkedIn View Sherrod DeGrippo on LinkedIn 🕵️‍♀️ Register for the challenge (free!) https://detective.kusto.io/register 🎬 Official trailer featuring Lior Suchard https://youtu.be/sPmTX0ZrnE 🌐 Event homepage (info hub) https://detective.kusto.io Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
    Más Menos
    32 m
  • BadPilot: Inside Seashell Blizzard’s (AKA Sandworm) Global Cyber Espionage Campaign

    BadPilot: Inside Seashell Blizzard’s (AKA Sandworm) Global Cyber Espionage Campaign
    May 14 2025
    In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna Seitz and Megan Stalling to unpack new intelligence on the BadPilot Campaign, a sophisticated operation by a subgroup of Seashell Blizzard—also known as APT-44, Iridium, or Sandworm. The team explores how this subgroup, active since 2021, uses opportunistic access, remote management tools, and Tor based ShadowLink infrastructure to maintain covert control of compromised systems. They also examine trends across threat actor ecosystems, how tactics evolve through shared influence, and why network detection remains a key battleground in defending against persistent global threats. In this episode you’ll learn: How evolving network detection is helping stop threat actors Why Seashell Blizzard targets industrial control systems When fake Zoom links and meeting invites are used to lure victims into engagement Some questions we ask: Have North Korean hackers improved at social engineering lately? What’s this subgroup’s main goal when it comes to network attacks? Why would a group like this use such basic tactics instead of more advanced ones? Resources: View Megan Stalling on LinkedIn View Anna Seitz on LinkedIn View Sherrod DeGrippo on LinkedIn BadPilot Campaign, Seashell Blizzard How Microsoft Names Threat Actors Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
    Más Menos
    41 m
  • Inside THOR Collective, a Dispersed Team Delivering Open-Source Research

    Inside THOR Collective, a Dispersed Team Delivering Open-Source Research
    Apr 30 2025
    In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Lauren Proehl, Sydney Marrone, and Jamie Williams to dig into the THOR Collective — a fresh, community-driven initiative bringing modern energy to threat intel. The group discusses the ongoing tension where developers focus on user-friendly design while security professionals aim to break things to prevent malicious use. They also dive into the THOR Collective, a community-driven initiative with open-source projects like Hearth and their twice-weekly Substack newsletter, Dispatch, which combines research, memes, and real-world lessons to uplift the InfoSec community. The conversation touches on the challenges of security, the disconnect between the public and understanding risks, and the need for more user-friendly, AI-driven security solutions that cater to various skill levels. In this episode you’ll learn: The value of consistently publishing high-quality content How the THOR Collective addresses this issue through innovative and digestible content The importance of making complex InfoSec topics approachable for different experience levels Some questions we ask: What’s going on with the rise in toll scam text messages? Why has social engineering remained such a successful tactic for threat actors? How does THOR Collective welcome new voices in InfoSec, and why is this crucial in today’s security landscape? Resources: View Lauren Proehl on LinkedIn View Sydney Marrone on LinkedIn View Jamie Williams on LinkedIn View Sherrod DeGrippo on LinkedIn THOR Collective Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
    Más Menos
    41 m