Episodes

  • Why Your Cyber Hygiene Matters?
    Oct 14 2025

    One unlocked phone can unravel the defenses of a billion-dollar enterprise—because in cybersecurity, small mistakes don’t stay small for long. Attackers can read notes, steal IDs, or impersonate you on WhatsApp. A reused password can launch a remote tool that looks completely legitimate.

    Rob Maas (Field CTO, ON2IT) and Luca Cipriano (Cyber Threat Intelligence Program Lead, ON2IT) reveal how poor cyber hygiene erodes trust, endangers partners, and weakens enterprise defenses.
    CISOs, CIOs and IT managers, remember: in a Zero Trust world, your weakest link might not even be inside your organization.

    • (00:00) - Why your cyber hygiene affects others
    • (00:28) - Meet the speakers (Rob Maas, Luca Cipriano)
    • (00:47) - Cyber hygiene defined for CISOs
    • (03:00) - Unlocked phone → passwords in notes, WhatsApp fraud, ID photos
    • (05:53) - SOC case: contractor email compromise → remote tool drop (ConnectWise)
    • (09:40) - OSINT: 19 breaches + iterative password reuse
    • (17:01) - What to fix now: MFA, vaults, device lock, breach monitoring
    • (20:24) - Final takeaways & resources

    What You’ll Learn (From Real-Life Example Discussions)
    • How a stolen phone quickly turns into identity theft, impersonation, and scams targeting your contacts.
    • A real SOC case: a contractor’s reused password allowed attackers to hide a remote access tool inside normal IT activity.
    • How OSINT and dark web data reveal how password reuse spreads risk across accounts.
    • Why shared tools like Google Docs can quietly multiply breaches when one user slips up.
    • Simple upgrades—MFA, password vaults, breach alerts, and secure devices—that cut your organization’s exposure fast.

    Related ON2IT Content & Referenced Resources
    • ON2IT: https://on2it.net/
    • Threat Talks: https://threat-talks.com/
    • AMS-IX: https://www.ams-ix.net/ams
    • WatchYourHack: https://watchyourhack.com
    • Have I Been Pwned: https://haveibeenpwned.com

    Guest and Host Links:
    Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/
    Luca Cipriano, Cyber Threat Intelligence Program Lead, ON2IT: https://www.linkedin.com/in/luca-c-914973124/

    If this helped, subscribe to Threat Talks. Share this episode with your partners and contractors—stronger cyber hygiene across your ecosystem protects everyone.

    🔔 Follow and Support our channel! 🔔
    ===
    ► YOUTUBE: https://youtube.com/@ThreatTalks
    ► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
    ► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

    👕 Receive your Threat Talks T-shirt
    https://threat-talks.com/

    🗺️ Explore the Hack's Route in Detail 🗺️
    https://threat-talks.com

    🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

    22 m
  • Resilience Over Fragmentation: The Risk You Can’t Ignore
    Oct 7 2025

    The internet promised freedom. Now it monetizes you. The trade-off? Convenience for control.
    In this episode, Lieuwe Jan Koning and Prof. Jacobs reveal how scattered tools like Meta and X create security gaps—and how one policy, fewer interfaces, and less data shared cut exposure and keep operations running.

    Real examples you’ll hear:
    • The neighborhood chat stuck on WhatsApp—and how switching to Signal breaks dependency.
    • How your address book upload leaks other people’s data to platforms.
    • Why secure doesn’t mean private on platforms that profit from your data.
    • Age checks done right: passport chip + selective disclosure instead of oversharing.
    • Patient groups and municipalities using PubHubs for private, verified rooms (no ads).
    • Continuity risk in the real world: federated login outages, US-dependent authenticators, transatlantic cable cuts, and a court moving email to ProtonMail to stay operational.

    • (00:00) - Free vs. monetized internet
    • (02:22) - Facebook: secure ≠ private
    • (05:31) - WhatsApp vs. Signal trade-offs
    • (07:05) - Metadata & social graph risk
    • (11:58) - Attribute-based auth (Yi)
    • (19:55) - Decentralized login; split keys
    • (28:11) - PubHubs: private, verified rooms
    • (49:54) - Continuity: vendor/cable risk
    • (56:01) - Close & takeaways

    Related ON2IT Content & Referenced Resources
    • ON2IT: https://on2it.net/
    • Threat Talks: https://threat-talks.com/
    • AMS-IX: https://www.ams-ix.net/ams
    • Yivi (privacy-preserving authentication): https://yivi.app/
    • PubHubs (privacy-first social platform): https://pubhubs.net/
    • European alternatives (mentioned): http://european-alternative.eu/
    • Privacy tools (mentioned): https://privacytools.io/

    Guest and Host Links:
    Lieuwe Jan Koning (ON2IT Co-Founder): https://www.linkedin.com/in/lieuwejan/
    Bart Jacobs: http://www.cs.ru.nl/~bart/

    If this helped you strengthen your Zero Trust policy, subscribe, like, and share. New episodes weekly. Follow Threat Talks on YouTube, Spotify, and Apple Podcasts.

    56 m
  • Zero Trust Step 5B: Maintain Controls
    Sep 30 2025

    Boards don’t buy dashboards—they buy assurance. Breaches are late-stage symptoms of drift: rules pile up, logs lose signal, cloud/Kubernetes outpace governance. Lieuwe Jan Koning (ON2IT Co-Founder) and Rob Maas (Field CTO) show how Zero Trust Step 5B (Maintain) proves your controls still work—today.

    • (00:00) - Welcome & Zero Trust Step 5B
    • (00:57) - Five steps: fast recap
    • (03:12) - Maintain = policy validation
    • (05:31) - Vendor updates, hidden features
    • (08:46) - Traffic flows vs. reality
    • (10:19) - Behavior analytics, baselines
    • (11:56) - Cloud/K8s/service-mesh shifts
    • (16:32) - Wrap-up & next actions

    Related ON2IT Content & Referenced Resources
    • Threat Talks homepage: https://threat-talks.com/
    • ON2IT Zero Trust: https://on2it.net/zero-trust/

    Zero Trust Series
    Step 1: https://youtu.be/mC66i-tEEFs
    Step 2: https://youtu.be/wp0q9aZHuXc
    Step 3: https://youtu.be/eGsw2JCnrac
    Step 4A: https://youtu.be/qT_nqbBEkVw
    Step 4B: https://youtu.be/fnKyMITZes8
    Step 5A: https://youtu.be/N7pWXLxI6kY

    Guest and Host Links:
    Lieuwe Jan Koning (ON2IT Co-Founder): https://www.linkedin.com/in/lieuwejan/
    Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/

    If this helped you strengthen your Zero Trust policy, subscribe, like, and share. New episodes weekly. Follow Threat Talks on YouTube, Spotify, and Apple Podcasts.

    17 m
  • Defend Against Hacktivist Groups like APT Handala | The Cyber Security Podcast
    Sep 23 2025

    Hacktivists don’t need zero-days to hurt you—they weaponize people. Host Lieuwe Jan Koning sits down with Yuri Wit (SOC analyst) and Rob Maas (Field CTO) to dissect APT Handala: how they hunt targets, deliver wipers, and brag about leaks. We map their moves to the Lockheed Martin Kill Chain and turn it into a Zero Trust defense playbook you can actually use—today.

    • (00:00 - 01:40) - Introduction
    • (01:40 - 02:27) - What is APT Handala?
    • (02:27 - 05:27) - Kill Chain Step 1: Reconnaissance
    • (05:27 - 06:43) - Kill Chain Step 2: Weaponization
    • (06:43 - 10:39) - Kill Chain Step 3: Delivery
    • (10:39 - 14:37) - Kill Chain Step 4: Exploitation
    • (14:37 - 17:34) - Kill Chain Step 5: Installation
    • (17:34 - 23:39) - Kill Chain Step 6: Command and control
    • (23:39 - 26:40) - Kill Chain Step 7: Act on objectives
    • (26:40 - 29:35) - How to respond to being hacked
    • (29:25 - 30:22) - Closing notes

    Key Topics Covered
    • Handala’s playbook: people-centric recon, phishing kits, wipers, boast-and-leak ops.
    • Zero Trust counters: deny-by-default egress, newly-registered-domain blocks, hard EDR, passkeys.
    • SOC tells: DNS DGA spikes, encrypted C2 on common apps, “human error” as the biggest CVE.
    • Comms reality: when openness helps—and when strategic silence limits amplification.

    Additional Resources
    • ON2IT Zero Trust: https://on2it.net/zero-trust/
    • Lockheed Martin Cyber Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
    • Tor Project (onion services): https://www.torproject.org/
    • Threat Talks hub: https://threat-talks.com/

    🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.

    ON2IT website: https://on2it.net/
    AMS-IX website: https://www.ams-ix.net/ams

    31 m
  • Promptlock – The First AI-Powered Malware | The Cyber Security Podcast
    Sep 16 2025

    First documented case: AI inside the breach.
    Promptlock marks the first time malware has used AI during execution, not just in preparation. In this Threat Talks deep dive, Rob Maas (Field CTO, ON2IT) sits down with Yuri Wit (SOC Analyst, ON2IT) to break down how it works: a Go loader calling an attacker’s LLM in real time, generating fresh payloads that adapt on the fly.

    This episode strips away sci-fi hype. You’ll see the psychology of an adversary that thinks mid-attack—and the Zero Trust defenses that box it in. When AI runs inside the kill chain, malware doesn’t just evolve. It crosses into super-malware.

    • (00:00) - — Cold open: “What if malware could think?”
    • (00:18) - — Welcome: Rob Maas & Yuri Wit
    • (00:41) - — First reaction to PromptLock
    • (01:02) - — How attackers already use AI (phishing, coding, negotiations)
    • (03:02) - — Why PromptLock is different: AI during execution
    • (03:35) - — How it works: Go → Ollama → LLM → Lua
    • (06:36) - — Proof-of-concept tells (the Satoshi wallet)
    • (07:55) - — Defense shift: hashes die, behavior wins
    • (10:40) - — Detecting LLM calls: SSL inspection realities
    • (11:26) - — Quick wins: block interpreters (Lua/Python/PowerShell)
    • (12:23) - — Zero Trust moves: default-deny egress & segmentation
    • (12:41) - — What’s next: dynamic exploits & on-demand EDR bypass
    • (16:21) - — Timelines & hardware: why adoption could accelerate
    • (18:21) - — Wrap-up & CTA

    Key Topics Covered
    • The first documented case of AI inside the breach — why Promptlock changes the game
    • Promptlock’s core loop: calling an LLM mid-attack to generate fresh payloads.
    • Why hash-based detection breaks against AI-powered malware and its ever-changing scripts.
    • Behavioral defense over signatures: EDR/XDR, sandboxing, and SSL inspection.
    • Zero Trust in practice: block script interpreters, restrict egress, and shrink blast radius.

    Additional Resources
    ON2IT Zero Trust: https://on2it.net/zero-trust/
    Threat Talks hub: https://threat-talks.com/
    Ollama (referenced in episode): https://ollama.com/
    The Rising Threat of Deepfakes: https://youtu.be/gmtZ_aYmQdQ

    Guest & Host Links:
    Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/
    Yuri Wit, SOC Specialist, ON2IT: https://www.linkedin.com/in/yuriwit/

    19 m
  • Data Bouncing: How HTTP Headers Leak Data | The Cyber Security Podcast
    Sep 9 2025

    Your tools say “secure.” Your headers say “leaking.”
    In this Threat Talks Deep Dive, ON2IT’s Luca Cipriano (CTI & Red Team Lead) exposes Data Bouncing—a stealthy exfiltration trick that hides inside HTTP headers and abuses DNS lookups through trusted third parties. We show the demo, decode the psychology of the attack, and translate it into Zero Trust moves you can deploy today.

    • (00:00) - Why your defenses aren’t enough
    • (00:11) - What is Data Bouncing?
    • (01:22) - How attackers exfiltrate data via DNS & headers
    • (05:20) - Live demo: DNS lookups & Burp Suite interception
    • (10:48) - Reassembling stolen files undetected
    • (15:24) - Can you defend against Data Bouncing?
    • (19:20) - Testing it in your own environment
    • (21:00) - Key takeaways & call to action

    Key Topics Covered
    • How Data Bouncing enables covert data exfiltration
    • Abuse of headers like X-Forwarded-For to bypass firewalls
    • Live demo: attacker vs. victim scenario
    • Defensive measures: decryption, inspection, Zero Trust, and SOC awareness

    Additional Resources
    • ON2IT Threat Talks Podcast: https://www.on2it.net/threat-talks
    • Zero Trust Resources: https://www.on2it.net/zero-trust/

    Guest & Host Links:
    • Luca Cipriano, Cyber Threat Intelligence Program Lead, ON2IT: https://www.linkedin.com/in/luca-c-914973124/
    • Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/

    22 m
  • AI, Play It Safe: Why CISOs Are Wrong to Ban AI
    Sep 2 2025

    Playing it safe with AI sounds smart, but is banning it really how you prevent data leaks?

    In this episode of Threat Talks, Lieuwe Jan Koning (ON2IT Co-Founder) sits down with Rob Maas, Field CTO at ON2IT, to tackle the hard question: How can CISOs and security leaders embrace AI safely—without exposing their organization to destructive data leaks?

    From Samsung’s ChatGPT ban to real-world AI hallucinations, we unpack why “AI, play it safe” doesn’t mean blocking innovation—it means controlling it.

    • (00:00) - AI, play it safe introduction
    • (00:41) - Customer fears: Ban AI or embrace it?
    • (01:13) - Real case: $1 Chevrolet Tahoe & AI chatbots gone wrong
    • (02:46) - Samsung’s ChatGPT ban: lessons for CISOs
    • (06:50) - How AI transforms work & productivity (coding, translation, ops)
    • (17:00) - Data exposure & AI governance: the #1 risk
    • (30:21) - LLM on Prem
    • (33:10) - AI hallucinations & unsafe outputs (dangerous examples)
    • (40:50) - The CISO dilemma: Fall behind or take control

    Key Topics Covered
    • Why “banning AI” is a bigger risk than using it with the right safeguards.
    • Real-world AI risks: hallucinations, unsafe outputs, and data exposure.
    • Zero Trust approach to AI adoption: categorize sanctioned, tolerated, unsanctioned tools.
    • How CISOs can transform AI fear into competitive advantage with the right strategy.

    Additional Resources
    • ON2IT Threat Talks Podcast: https://www.on2it.net/threat-talks
    • Zero Trust Resources: https://www.on2it.net/zero-trust/

    Guest & Host Links:
    Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
    Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

    If you’re a CISO, CIO, or security leader navigating the AI storm, this episode is a must-watch.

    45 m
  • Zero Trust step 5A: Stop Breaches—Inspect Every Event Now | The Cybersecurity Podcast
    Aug 26 2025

    Zero Trust step 5A is where monitoring turns raw logs into decisive action.
    Hosts Lieuwe Jan Koning and Rob Maas (Field CTO, ON2IT) expose why MDR alone isn’t protection—and how context closes the gap. Learn to inspect every event, use Indicators of Good/Compromise, and set Rules of Engagement that stop lateral movement and alert fatigue.

    • (00:00) - Welcome & Step 5A (Monitor) setup
    • (00:37) - Steps 1–4 recap: protect surfaces, flows, architecture, policy
    • (04:12) - MDR vs protection: why “collect all logs” fails
    • (07:28) - Events vs logs: inspect every event & retention reality
    • (10:22) - Context from protect surfaces: mapping IPs to business systems
    • (13:41) - IoG vs IoC vs Unknown: triage model & beating alert fatigue
    • (17:59) - Rules of Engagement: automation, kill switch & blast radius (prevention first)

    Key Topics Covered
    • MDR ≠ protection: why Step 5A only works after Steps 1–4 are in place.
    • Events vs logs: what to keep, what to act on, and how to avoid SIEM sprawl.
    • Context from protect surfaces: mapping IPs to business systems to triage fast.
    • Automation with Rules of Engagement: IoG/IoC/Unknown, kill switches, and reducing blast radius.

    If this helped sharpen your Zero Trust monitoring strategy, subscribe to Threat Talks and turn on notifications—don’t miss Step 5B (Maintain).

    Additional Resources
    • https://on2it.net/zero-trust/
    • https://on2it.net/managed-security/protect-surface-management/
    • https://on2it.net/wp-content/uploads/2023/02/Zero-Trust-Dictionary-EN.pdf
    • https://on2it.net/context-is-key-the-data-challenge-of-cybersecurity/
    • https://threat-talks.com/
    • https://www.ams-ix.net/

    Guest & Host Links:
    Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
    Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

    25 m