Beers with Talos EP 30 - VPNFilter, the Unfiltered Story

Beers with Talos (BWT) Podcast Episode 30 is now available. Download this episode and subscribe to Beers with Talos:

If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast

EP30 Show Notes:

Recorded 5/25/18 - As you can expect, this EP focuses on VPNFilter. We discuss how we got involved, why Talos made the decision to disclose when we did, and we cover many details of the malware itself. There is a lot of background to this ongoing discussion. Take a peek behind the curtain of the defense against this attack as we cover many different aspects of the malware, the attack, and the mitigation.

The Timeline:

The Roundtable

01:10 - Nigel - The Mighty Reds in the Champions League final, without external interference
04:32 - Joel - Doing the full-Biden, Joel reveals his surveillance of Eminem’s dating life.
06:18 - Craig - A walking Texas stereotype, as long as he’s walking in hippie sandals
08:18 - Matt - Sorry I was saving the internet, red cards hit home (Matt totally faked the injury)

The Topics

13:20 - VPNFilter background: being compelled to release unfinished research, a killswitch is found (not the good kind), and infection rates spike on a clearly defined target.
20:50 - Not going it alone - preparing the field and partners for release
21:51 - How the malware works and how the domain takedown works
27:50 - Recap of mitigation guidance for potentially affected devices
29:05 - Stage 2 and 3 - Sniffing for creds and MODBUS
34:24 - Highly earned shout out to the super smart folks that came together on this
39:46 - Becoming an expert in a couple days, Matrix-download-style - Top questions we have received
49:19 - Nigel’s conspiracy theories
51:03 - Special thanks - and why community matters

The Links:

VPNFilter blog post: https://blog.talosintelligence.com/2018/05/VPNFilter.html

US DoJ Release and Guidance: https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected

US-CERT Alert: https://www.us-cert.gov/ncas/alerts/TA18-145A

Fun Fact: This episode contains the fourth time Craig has referred to listeners as “readers”. #PopUpPodcast

==========

Featuring: Craig Williams (@Security_Craig), Joel Esler (@JoelEsler), Matt Olney (@kpyke) and Nigel Houghton (@EnglishLFC). Special Guest Nick Biasini (@infosec_nick).
Hosted by Mitch Neff (@MitchNeff).

Find all episodes:
http://cs.co/talospodcast

Subscribe via iTunes (and leave a review!)
http://cs.co/talositunes

Check out the Talos Threat Research Blog:
http://cs.co/talosresearch

Subscribe to the Threat Source newsletter:
http://cs.co/talosupdate

Follow Talos on Twitter:
http://cs.co/talostwitter

Give us your feedback and suggestions for topics:
[email protected]

Article Link: http://feedproxy.google.com/~r/feedburner/Talos/~3/C9sCCmhLt_Y/beers-with-talos-ep-30-vpnfilter.html