Retour

Explorez tous les épisodes du podcast Antisyphon Training Anticasts

Plongez dans la liste complète des épisodes de Antisyphon Training Anticasts. Chaque épisode est catalogué accompagné de descriptions détaillées, ce qui facilite la recherche et l'exploration de sujets spécifiques. Suivez tous les épisodes de votre podcast préféré et ne manquez aucun contenu pertinent.

Rows per page:

1–14 of 14

TitreDateDurée
Preparing IR for AI Incidents with Gerard Johansen05 Mar 202601:10:40

Is your Incident Response plan AI ready?

Join us for a free one-hour training session with incident management expert and instructor Gerard Johansen, where he'll teach how to adapt your Incident Response plan to AI-related risks and threats.

You’ll learn how AI incidents actually happen and how to respond to them.

Gerard will also cover what to include in your incident response plan so you’re prepared as your organization adopts AI.

🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_Antisyphon-Anti-Cast-IR-in-AI.pdf

Chapters

  • (00:00) - Intro
  • (02:33) - Who is Gerard Johansen
  • (03:10) - Webcast Agenda
  • (04:58) - Our Guardrails
  • (07:36) - Challenges in AI Incident Response
  • (09:48) - Artificial Intelligence Hype
  • (10:46) - Our Assets Column
  • (11:59) - History doesn’t repeat, it rhymes.
  • (15:09) - Classification Model
  • (17:08) - Threat Actor Use
  • (18:40) - Threat Actor - Case Studies
  • (20:01) - Key Points to Consider
  • (21:40) - GenAI Targeting
  • (22:21) - GenAI Targeting - Case Studies
  • (23:02) - [more] Key Points to Consider
  • (24:33) - Internally Generated AI Incident
  • (26:02) - Internally Generated - Case Studies
  • (27:00) - [even more] Key Points to Consider
  • (29:09) - AI Readiness Planning - Key Assumptions
  • (30:06) - AI Readiness Planning
  • (30:46) - Establish a clear and concise definition
  • (32:19) - Establish Incident Criteria
  • (34:24) - Rework Existing Processes
  • (36:26) - Tie in Additional Stakeholders
  • (37:44) - Information Sharing
  • (41:13) - AI Incident Premortem
  • (44:13) - Continuously Review
  • (46:13) - Hypothesize, Test & Improve
  • (48:23) - Key Points for the plan
  • (50:47) - Sumamry
  • (52:03) - Questions & Discussion

Creators & Guests

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

Red Teaming AI: OWASP LLM Top 10 with Brian and Derek25 Feb 202601:06:31

Summary
Are you currently testing your AI systems the same way you test traditional apps?

🛝 Webcast Slides
https://www.antisyphontraining.com/wp-content/uploads/2026/02/AI-LLM-Red-Teaming.pdf

Join AI researchers Brian Fehrman and Derek Banks for a free one-hour training session that breaks down the OWASP Top 10 AI-LLM risks clearly and practically.

You’ll learn in this Antisyphon Anti-cast how LLM security issues show up in real systems, how attackers test them, and what to focus on to secure AI applications with a practical, security-first mindset.


Chapters

  • (00:00) - Intro
  • (01:09) - Webcast Agenda
  • (02:21) - Workshop: Hacking AI-LLM Applications
  • (02:49) - Training: Attacking, Defending, and Leveraging AI-LLM Systems
  • (03:11) - BHIS AI Security Assessments
  • (03:24) - AI Security Ops Podcast
  • (03:56) - LLM Security Introduction
  • (05:57) - Foundation Model Training
  • (09:35) - Chatbot
  • (14:58) - AI Agents
  • (17:56) - LLM Safety Versus Security
  • (23:54) - OWASP Top 10 for LLM Applications
  • (24:33) - – Prompt Injection
  • (29:11) - – Sensitive Information Disclosure
  • (32:46) - – Supply Chain
  • (37:02) - – Data and Model Poisoning
  • (40:18) - – Improper Output Handling
  • (41:51) - – Exessive Agency
  • (43:47) - – System Prompt Leakage
  • (45:17) - – Vector and Embedding Weaknesses
  • (46:49) - – Misinformation
  • (49:45) - – Unbounded Consumption
  • (52:10) - Red Team Methodology
  • (53:06) - Threat Modeling an LLM App
  • (54:41) - Defense-in-Depth for LLM Apps
  • (55:49) - Red Team Tools & Frameworks
  • (56:31) - Key Takeaways
  • (01:00:34) - Q&A

Creators & Guests

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

✏️ Training with Brian and Derek:
>Workshop: Hacking AI-LLM Applications
>Attacking, Defending, and Leveraging AI-LLM Systems

Click here to watch this episode on YouTube.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

Adapting to Active Directory Security Enhancements with Eric Kuehn23 Feb 202601:01:01

Summary
Are your go-to Active Directory attacks quietly failing without you noticing?

Join Eric Kuehn, Principal Security Consultant at Secure Ideas, for a free one-hour training session that takes a deep dive into the security enhancements Microsoft has introduced to Active Directory over the past few years and how they are reshaping the way penetration testers and defenders operate.

You’ll learn how long-reliable attack paths now break, how successful attacks may leave new and unexpected traces, and what these changes mean for staying stealthy during an engagement.

Eric will teach you the latest AD hardening features, the new detection opportunities they create, and the practical changes testers and defenders can make to improve their tradecraft right away.

Chapters

  • (00:00) - Intro
  • (01:29) - I am Eric Kuehn
  • (05:43) - “Recent” Change Timeline
  • (09:14) - 2026 And Beyond
  • (13:34) - NTLM Finally Going Away
  • (19:28) - Kerberos PAC Signatures
  • (23:23) - What Does It Mean to Us?
  • (25:18) - Certificate-Based Authentication
  • (29:46) - Non-Security Events for PAC and Certificate Issues
  • (31:07) - Certificate Services Audit Events
  • (32:11) - Kerberos Enhancements
  • (35:18) - In Summary
  • (37:59) - Demo Time
  • (49:25) - Q&A

Credits
Creators & Guests
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

How to Strengthen M365 Exchange Online Configurations with Kevin Klingbile05 Feb 202601:06:04

Summary
When was the last time you reviewed the security of your mail flow rules?

Join instructor Kevin Klingbile to learn how attackers exploit weak mail flow rules and how to stop them.

Kevin will teach you through real-world examples of rule bypasses, show you how to spot risky configurations, and teach practical steps to secure your email environment.

In this free one-hour Antisyphon Anti-cast, you'll strengthen your defenses and make sure your mail flow rules aren’t the next easy target.

🛝 Webcast Slides:
https://www.antisyphontraining.com/wp-content/uploads/2026/02/strengthen-m365-configs-kevin-klingbile.pdf

✏️ Antisyphon Training with Kevin:
https://www.antisyphontraining.com/product/defending-m365-azure-with-kevin-klingbile/

Chapters

  • (00:00) - Intro – How to Strengthen M365 Exchange Online Configurations with Kevin Klingbile
  • (01:12) - Excahnge Online
  • (03:47) - Exchange Mail Flow Rules
  • (04:20) - Rule Requirements - Conditions
  • (08:36) - Rule Settings
  • (12:15) - Rule Flow
  • (18:34) - Creating “Good” Rules
  • (25:22) - Rule Example - Conditions vs Description
  • (28:29) - Rule Function - Message Sent to Organization
  • (29:39) - Reply to email chain and...
  • (30:56) - Microsoft’s Solution! (Sort of)
  • (32:10) - Mail Rule vs Disclaimer
  • (32:20) - Modify Original Rule
  • (33:03) - New message “Bypassing” Subject Rule
  • (35:03) - Common Rule Issues
  • (41:44) - Phishing Products
  • (42:39) - X-Header Bypass Examples
  • (42:53) - X-Header Example - 2
  • (43:46) - Direct Send
  • (45:50) - Direct Send - Transport Rules
  • (46:52) - Disable Direct Send**
  • (47:58) - DMARC
  • (48:26) - Securing Exchange Online
  • (48:59) - Q&A Start
  • (57:46) - Other Antisyphon Events
  • (01:05:35) - Final Thoughts

Creators & Guests
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

Click here to watch a video of this episode.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

Effective AI for Practical SecOps Workflows w/ Hayden Covington28 Jan 202601:19:19

Which AI workflows are already running in production SOCs right now, and which ones could you implement by next week?

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits:
https://poweredbybhis.com

🛝 Webcast Slides:
https://www.antisyphontraining.com/wp-content/uploads/2026/01/Effective-AI-for-Practical-SecOps.pdf

✏️ Learn from Hayden on Antisyphon Training:
https://www.antisyphontraining.com/search/Hayden

Join Hayden Covington (Black Hills Infosec - SOC SecOps Lead) for a free one-hour training session to learn how to augment security analysts with AI through practical, tested workflows.
Cut through the noise of vendor demos, hype, and ChatGPT wrappers.

Hayden will teach you practical AI workflows that help analysts work faster and smarter without replacing their judgment.
Learn real techniques for detection engineering, case management, and QA, plus where AI truly helps (and where it doesn’t) so you can apply it right away.

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

Chapters:

  • (00:00) - INTRO – 2026-01-28 Effective AI Hayden
  • (02:29) - About Hayden
  • (03:33) - What This Session Is (and Isn't)
  • (04:26) - Let's Get Something Straight
  • (06:11) - What Augmentation Actually Looks Like
  • (12:03) - Before You Implement Anything...STOP
  • (13:14) - Consideration: Cost
  • (18:30) - Consideration: Policy & Legal
  • (20:41) - Consideration: Data Sensitivity
  • (21:21) - Consideration: Team Buy-In
  • (23:35) - Consideration: PEBKAC
  • (27:55) - How We'll Break Down the Use Cases
  • (29:14) - Start This Week! – AI Projects: Curated Team Agents
  • (32:12) - Building a Good Agent
  • (33:18) - Detection Code Review Agent
  • (35:31) - Detection Code Review: Example Prompt (GH)
  • (37:01) - Why Markdown and Change Controlled Prompts Win
  • (38:38) - Start This Week! – SOC Analyst Agent
  • (40:20) - SOC Analyst Agent: Example Prompt
  • (41:56) - Other Agent Examples
  • (42:53) - Quick Wins: Raycast InfoSec Extensions
  • (44:44) - Raycast Example
  • (45:12) - Build This Month! – Case Management: Alert Titles & Summaries
  • (46:23) - Case Management: Example
  • (47:10) - Case Management: Sample Implementation
  • (48:08) - Build This Month! – Quality Assurance: Automated Ticket Review
  • (48:44) - QA Workflow Options
  • (49:45) - QA: What It Catches
  • (50:15) - QA: Sample Prompt
  • (51:37) - Build This Month! – Detection Engineering: First-Draft Generation
  • (53:12) - Detection Engineering Workflow
  • (54:04) - Detection Engineering: Starter Approach
  • (54:45) - Detection Engineering: Sample Prompt
  • (56:58) - Where AI Often Fails
  • (59:27) - Key Takeaways
  • (01:00:31) - Resources & Next Steps
  • (01:01:39) - QA Start
  • (01:04:31) - Patterson's Workshop

Creators & Guests
Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

OSINT Like a Hacker with Mishaal Khan22 Jan 202601:06:05

What if you could uncover secrets hidden in plain sight, weaving together digital breadcrumbs to reveal the untold stories of the online world?

Join Mishaal at WWHF Mile High '26 – In-Person or Virtual
https://www.antisyphontraining.com/product/next-level-osint-with-mishaal-khan/
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Join instructor Mishaal Khan for a free one-hour hands-on training session, where you'll navigate real-world scenarios and build an investigation mind map, incorporating email addresses, phone numbers, Google Maps, APIs, and online form abuse.

Learn to use unconventional hacker-style techniques to find information that could unlock a treasure trove and move the investigation forward.

Mishaal will teach you new techniques and efficient ways of using common tools for unexpected results.


Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

Chapters:

  • (00:00) - Intro- Finding John Cena
  • (09:35) - Data brokers + remote browsing to bypass geo/blocks
  • (28:16) - Midshow Q&A
  • (28:43) - Do you need a PI license to do OSINT?
  • (30:41) - Is it harder/easier to find info outside the US (GDPR/Europe)?
  • (32:15) - AI/automation in your research—building that as you go, correct?
  • (33:30) - Best way to protect yourself against OSINT?
  • (52:02) - Post Show Q&A
  • (52:29) - How is the Kaido method not unofficial pen testing?
  • (53:56) - How much deeper do you go in your course/class?
  • (55:38) - When you run out of tools, how do you find new alternatives?
  • (58:49) - Do you need to record findings in an admissible way—and what tool?
  • (01:03:05) - Best ways to contact Mishaal
  • (01:04:21) - Closing remarks + upcoming events

Creators & Guests
Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

Threat Hunting Malware Communication over DNS17 Jan 202601:26:20

Are attackers hiding in your DNS traffic right now?

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – 

https://poweredbybhis.com

Join instructor Faan Rossouw for a free one-hour training on hunting malware that uses DNS as a covert communication channel.

C2 frameworks, RATs, and backdoors frequently exploit DNS to stay hidden - sometimes for months. High-profile attacks like SolarWinds' Sunburst demonstrate just how devastating undetected DNS exfiltration can be.

This Antisyphon Anti-Cast focuses on behavior-based threat hunting techniques that go beyond signatures to uncover suspicious DNS activity attackers think they've hidden.

You'll learn how to:
* Recognize network artifacts that DNS tunneling produces
* Identify anomalies in DNS record types that signal malicious use
* Leverage open-source tools like Zeek, RITA, and Sysmon to detect malware abusing DNS
* Build detection strategies that make it very hard for DNS-based threats to remain hidden

If you're ready to stop trusting DNS and start verifying it, this session will give you the practical skills to hunt what's lurking in your network.

Chapters:

  • (00:00) - Intro - Threat Hunting Malware Communication over DNS
  • (00:53) - Introducing Faan
  • (02:28) - Threat Hunting C2 Over DNS
  • (04:00) - Threat Hunting - What is it and why is it awesome?
  • (05:42) - Assumed Compromise
  • (06:55) - David J. Bianco – Pyramid of Pain Guy
  • (13:28) - C2 Over DNS
  • (28:03) - TXT Record Abuse
  • (32:46) - Null Record
  • (35:07) - CNAME, MX, SRV… Oh my
  • (38:26) - DNS Sandwhich
  • (42:48) - ID Field Missuse
  • (48:58) - EDNS0
  • (52:33) - Encrypted DNS
  • (55:15) - Main Takeaway
  • (56:14) - The Workshop: Build a Reflective Shellcode Loader C2 in Golang
  • (57:51) - Q&A Start
  • (01:00:15) - DNS and Splunk?
  • (01:01:48) - Suggestions for Detecting DGA?
  • (01:03:25) - Offensive Security Tooling from a Threat Hunter Perspective
  • (01:07:27) - Restrict outbound DNS to protect against C2?
  • (01:09:06) - Communicating the value of Threat Hunting to Higher Ups.
  • (01:13:49) - Closing Remarks

Creators & Guests
Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

Intro to Using Defense Hacking Tools with Jordan Drysdale and Kent Ickler09 Jan 202601:17:06

How do you use hacking tools?

🛝 Webcast Slides
https://www.antisyphontraining.com/wp-content/uploads/2026/01/IntroToHackingTools-kent-and-jordan.pdf

🎓Antisyphon Training with Kent & Jordan at WWHF Mile High 2026:
https://www.antisyphontraining.com/product/active-directory-security-and-hardening-with-jordan-drysdale-and-kent-ickler/

Join instructors Jordan Drysdale and Kent Ickler (Black Hills Information Security – Testers) for a free one-hour training session featuring a live demonstration of hacking tools in a speed run against a messy Active Directory domain.

You’ll get a rapid-fire introduction to Jordan and Kent’s standard hacking techniques and learn strategies based on their popular Lab Building 101 framework.

Kent and Jordan will demystify how these tools work so you can feel confident using them yourself.


Chapters:

  • (00:00) - Intro - Intro to Using Defense Hacking Tools
  • (01:48) - Executive Problem Statement
  • (03:28) - First and Foremost
  • (10:33) - Recon & OSINT Tooling
  • (19:09) - Scan & Enumerate Tooling
  • (24:37) - Vulnerability Scanning
  • (27:17) - Vulnerability Exploitation
  • (31:47) - Web Applications
  • (36:07) - Local System Tooling
  • (38:03) - Password Spraying/Cred Abuse
  • (41:39) - Active Directory
  • (49:35) - Proxy Chains / SSH Tunnels
  • (50:18) - SMB File Shares
  • (51:35) - Kerberos Interaction
  • (52:39) - Impacket Tools
  • (54:04) - Pre-Windows 2000
  • (55:22) - Credential Relay (and LLMNR)
  • (56:44) - ADCS Investigation & Abuse
  • (57:17) - Browser Hijacks
  • (58:14) - We Have a Class - Active Directory Security and Hardening
  • (58:53) - Q&A Start
  • (01:00:13) - How Do you Build These Skills?
  • (01:02:08) - When Did You Start Feeling Comfortable with Your Skillset?
  • (01:06:23) - Getting a Company to Approve Running These Tools?
  • (01:08:50) - HIPPA Approved Tools?
  • (01:11:06) - Training for an Organization?
  • (01:12:23) - Finding Entry Level Jobs
  • (01:14:58) - Closing Remarks

Creators & Guests
Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com


Click here to watch a video of this episode.

Click here to view the episode transcript.

The Absolute Truths of Cybersecurity with Doc Blackburn01 May 202601:06:21

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

DANGER AHEAD.

In this bold, no-nonsense talk, instructor Doc Blackburn will reveal the Absolute Truths of Cybersecurity, hard realities that challenge everything you think you know about “being secure.”

🛝 Webcast Slides - 
https://www.antisyphontraining.com/wp-content/uploads/2026/04/Absolute-Truths.pdf

Join us for a free one-hour training session to learn why security isn’t a product, why prevention is a fantasy, why encryption fixes almost nothing, and why your biggest risk might be you.

You'll learn to see your role differently — not as a gatekeeper, but as a mission-enabler, risk translator, and resilience builder.

This Anti-Cast isn’t about firewalls or frameworks. It’s a total reset on how we view cybersecurity.
Chapters

  • (00:00) - Intro - The Absolute Truths of Cybersecurity with Doc Blackburn
  • (03:40) - Vera's Origin Story
  • (08:19) - Learning Security?
  • (10:08) - Security isn’t what you do!
  • (11:17) - 14 Truths of Cybersecurity
  • (12:59) - Truth #1: There is no such thing as security, only varying degrees of insecurity.
  • (15:26) - Truth #2: The network doesn't exist to be secured.
  • (21:29) - Truth #3: When security gets in the way of the mission – Security is wrong, not the mission
  • (22:54) - Truth #4: Prevention is ideal – Detection is a must. Detection without response is useless
  • (28:43) - Truth #5: Security must always be driven by business need
  • (31:04) - Truth #6: Security is a cost center, not a profit center
  • (34:04) - Truth #7: Security is a process… not a product
  • (35:58) - Truth #8: You cannot process encrypted data… EVER
  • (38:42) - Truth #9: All good security is custom-fit Compliance does not equal security
  • (44:28) - Truth #10: In security, the most dangerous thing in the world is what you think you know.
  • (47:14) - Truth #11: You cannot secure what you do not control
  • (49:49) - Truth #12: You cannot prevent what you allow
  • (51:02) - Truth #13: Security is, first and foremost, a people issue
  • (53:24) - Truth #14: Some things cannot be fixed They are simply reality
  • (59:11) - WORKSHOP: How to think like a Cybersecurity Defender

Credits
Creators & Guests
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

How to Write SOC Tickets That Build Trust and Drive Action w/ Dan Rearden02 Apr 202601:01:30

What does the ideal SOC ticket look like?

🛝 Webcast Slides - 
https://www.antisyphontraining.com/wp-content/uploads/2026/03/How-to-Write-SOC-Tickets-That-Build-Trust-and-Drive-Action.pdf

Technical skills matter, but clear communication is just as important.

Join SOC Analyst Dan Rearden for a free one-hour Antisyphon Anti-cast on using soft skills to level up your tickets.

Learn how to make alerts clear, findings impactful, and documentation useful now and later.

Chapters

  • (00:00) - Intro- How to Write SOC Tickets That Build Trust and Drive Action - Dan Rearden
  • (01:53) - About Dan Rearden
  • (03:27) - On Call at 2AM...
  • (05:16) - Beyond the Terminal
  • (06:22) - Talking to Humans
  • (09:11) - Reboot Your Vocabulary
  • (14:44) - Plain Text Protocol
  • (19:54) - Peer To Peer
  • (24:44) - The Client Session
  • (26:06) - The Client Session
  • (28:13) - Hotfix today
  • (31:53) - Final System Check
  • (34:32) - Q&A

Credits
Creators & Guests
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

Securing the Cloud in the Age of AI with Andrew Krug27 Mar 202600:59:00

Existential Courage: The Hitchhiker's Guide to Surviving AI in Cloud

🛝 Webcast Slides -
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_The-Hitchhikers-Guide-to-Surviving-AI-in-Cloud.pdf

Can AI really help secure the cloud, or is it quietly making things worse?

Join Antisyphon instructor and security researcher Andrew Krug for a free one-hour Anti-cast on what really happens when AI collides with cloud security.

  • Andrew will cut through the hype and look at how LLMs affect IAM, monitoring, governance, and real-world risk.
  • Learn where AI helps, where it hallucinates, and how to defend cloud environments without panic.
  • Expect practical insights, grounded strategy, and a bit of cosmic humor. Bring your towel. Don’t panic.


Chapters

  • (00:00) - Intro
  • (02:44) - Our trip through the galaxy
  • (03:38) - What kind of literature is the Hitchikerʼs Guide to the Galaxy?
  • (04:29) - Don't Panic
  • (05:18) - The Agentic Revolution
  • (05:56) - Cast of Characters
  • (07:44) - The State of AI in the Enterprise - Deloitte
  • (10:53) - How do teams build agents?
  • (12:11) - What are teams using agents for?
  • (13:17) - Why build on Bedrock + AWS
  • (14:17) - Are we learning? Or not learning?
  • (15:58) - Are you the fixed point in a shifting universe?
  • (17:01) - TL;DR the majority of these are the same threats we have been dealing with
  • (18:16) - Prompt Injection is the new SQL Injection
  • (19:13) - Sandbox Escape
  • (20:20) - Shared Structure: General Software & AI Supply Chains
  • (23:03) - The Bad News
  • (24:29) - Threate Vector Coverage
  • (25:24) - The Expanding Universe of Secrets
  • (28:15) - Hope is not a strategy! But a strategy can give us hope.
  • (28:36) - (Yes we AI-Removed Andrew's Coughs)
  • (29:40) - back to: Hope is not a strategy! But a strategy can give us hope.
  • (30:47) - Plan for maximum risk scenarios
  • (33:03) - Squishy Stuff
  • (34:38) - KIRO
  • (37:11) - Infrastructure and Data Protection
  • (39:11) - Priveledge Escalation Paths – https://pathfinding.cloud
  • (40:58) - The AI Stuff
  • (42:01) - So anyway, here's Firewall
  • (43:34) - OpenTelementry
  • (46:47) - You still have to have logs
  • (48:22) - MCP
  • (49:22) - Learn more from Andrew in: Securing the Cloud Foundations
  • (50:23) - Post Show Q&A

Credits
Creators & Guests
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

How to Detect Malicious Remote Workers w/ James McQuiggan17 Mar 202600:59:47

Summary
Could a nation-state threat actor get hired and stay invisible to your SOC?

🛝Webcast Slides-
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_2026-03-11-AntiSyphon-DPRK-Hiring.pdf

Join us for a free one-hour training session with James McQuiggan, CISSP and Advisory CISO, as he teaches you the full lifecycle of North Korea’s AI-enabled IT worker operation, from AI-generated identities and U.S.-based laptop farms to the data theft and extortion that follow once they’re inside.

You’ll learn a practical detection and hunting playbook covering behavioral anomalies, identity red flags, and post-hire SOC indicators that catch what background checks miss.

If your SOC isn’t hunting for threats that were hired legitimately, this Antisyphon Anti-cast will change that.


Chapters

  • (00:00) - Intro – How to Detect Malicious Remote Workers - James McQuiggan
  • (01:17) - DPRK Solution – Did you Hire a North Korean?
  • (02:35) - But Really, Did We Just Hire a North Korean?
  • (04:31) - How comfortable are you to spot deepfakes?
  • (05:46) - Who is James R. McQuiggan
  • (07:42) - Webcast Agenda
  • (09:36) - Overview - North Korea Situation
  • (11:56) - DRPK Education
  • (14:31) - The Ultimate Inside Threat – DPRK Job Opps
  • (16:17) - Attacker's Playbook — Contagious Interview / WageMole Campaigns
  • (17:47) - Investigations – Crowdstrike / Okta / Unit 42
  • (19:14) - How Identities Are Built – AI Images
  • (21:05) - GenAI Resumes
  • (23:39) - Stateside Assistance
  • (25:23) - Face Swap / Voice Cloning & Webcams ➜ LIVE Deepfakes
  • (25:49) - AI Face Swap Demo
  • (29:55) - Video Camera Real time Video Deepfake Face Swap Interview
  • (30:43) - KnowBe4 Use Case – July 2024
  • (34:18) - Legal Impact
  • (35:42) - Companies Infiltrated — The Numbers
  • (36:11) - North Korean Farmers Arrested
  • (40:23) - SOC Playbook – Deepfake Dashboard
  • (40:53) - 12 Best AI Deepfake Detector Tools
  • (41:54) - Detecting VOIP Numbers & Identity
  • (43:01) - SOC Telemetry
  • (45:17) - Hiring Flags
  • (46:08) - HR – Hiring Tips
  • (48:24) - Human Risk – AI First Ready Security Team
  • (50:26) - Wrap Up and Q&A
  • (54:39) - James' Survey QR Code

Credits
Creators & Guests
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

Turn Ideas into Code with GitHub Copilot with Carrie Roberts08 May 202601:09:36

What if you could build tools, automate tasks, and write real code without ever having called yourself a developer?

Join us for a free one-hour training session with instructor Carrie Roberts, Developer and InfoSec Engineer, as she teaches you how GitHub Copilot is changing what it means to "know how to code" and show you how to put it to work in your browser right now, with no setup required.

You'll learn how to use Copilot to generate, debug, and refactor code through hands-on demos, including how to assign tasks directly from GitHub without ever opening an editor, so you can start building things that actually work faster than you ever thought possible.

📚 Train with Carrie Roberts
https://www.antisyphontraining.com/product/powershell-for-infosec-what-you-need-to-know-with-carrie-roberts/

Chapters

  • (00:00) - Introduction & What is GitHub Copilot
  • (05:17) - How Copilot Works (Concept + Setup)
  • (11:27) - Prompting Strategies for Better Results
  • (15:49) - Turning Ideas into Code (Workflow)
  • (23:53) - Debugging, Limitations & Security
  • (36:11) - Q&A

Credits
Creators & Guests
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

Investigating Nix Endpoints for Incident Response - Patterson Cake30 May 202601:12:10

How many endpoint Operating Systems are there?
 
SPOILER alert – the answer is two!

🛝 Webcast Slides - 
https://www.antisyphontraining.com/wp-content/uploads/2026/04/REI-Nix-042026.pdf
 
Join Patterson Cake, Director of Incident Response at Black Hills Infosec, as he guides through his “rapid endpoint investigations” workflow for the “other” (not Windows) Operating System…*Nix (Linux/Mac).
 
We’ll learn how to select, acquire, and analyze Linux and Mac investigative artifacts, using Velociraptor offline collector, CatScale, and UAC scripts.
 
Windows gets a lot of attention and rightfully so!
 
However, Linux and Mac are part of every enterprise ecosystem and represent a critical attack surface. You need a simple, effective, repeatable plan for investigating these endpoints.

Chapters

  • (00:00) - Intro - Investigating Nix Endpoints for Incident Response - Patterson Cake
  • (00:43) - April is the cruelest month
  • (02:36) - AGENDA
  • (04:32) - ENDPOINT & IDENTITY
  • (05:10) - ENDPOINT = ?
  • (07:22) - OS = Windows vs Linux vs Mac?
  • (09:00) - Linux “Use Cases”
  • (10:40) - Endpoint Investigations: Linux
  • (12:57) - Rapid Endpoint Investigations: Linux
  • (13:48) - THREAT-ACTOR SOP*
  • (17:27) - ENDPOINT ATTACK SURFACE
  • (19:10) - RAPID TRIAGE WORKFLOW
  • (20:18) - Linux Artifacts
  • (22:25) - COLLECT...PARSE...REDUCE/REFINE
  • (23:33) - COLLECT ARTIFACTS
  • (27:13) - ANALYSIS WORKFLOW
  • (28:01) - OUTPUT REVIEW
  • (32:51) - Other = Mac (Business Desktops 10%)
  • (34:46) - Mac “Threat-Actor SoP”
  • (36:48) - Mac Artifacts
  • (40:19) - Mac UAC Execution
  • (42:06) - Mac Artificats (again)
  • (50:41) - ENDPOINT & IDENTITY - Mac
  • (52:43) - Resources
  • (54:03) - Q&A

Credits
Creators & Guests
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

© My Podcast Data
About usPrivacy Policy