
Blue Team Diaries

Technology Podcasts

Welcome to Blue Team Diaries - the podcast that celebrates and honors the professionals who work tirelessly to defend their organizations and those who build tools to support defenders. In each episode, host Peter Manev invites his guests to share their stories and experiences in a fun and lighthearted conversation. Blue Team Diaries is sponsored by Stamus Networks, a global provider of network-based threat detection and response solutions. Learn more at www.Stamus-Networks.com.

Location:

United States


Language:

English


Episodes

Blue Team Diaries E012: Danny Quist

4/4/2024
Join us as we explore the shadowy world of malware analysis. In this episode, Danny Quist, a seasoned security researcher, and host Peter Manev pull back the curtain on the complex, yet critical, process of reverse engineering malicious code. Danny highlights the challenges malware analysts face, particularly when encountering new or custom threats, and describes how they exploit the tendency of malware authors to reuse code from previous projects, turning that predictable habit into a valuable clue. Danny also explains that while larger malware samples might contain pre-written libraries, making them initially easier to dissect, it's the smaller, more sophisticated malware written in languages like Go that can present a new challenge. The conversation concludes by delving into the motivations driving malware attacks. Whether you're a cybersecurity professional or simply curious about the digital threats lurking online, this interview with Danny Quist offers a fascinating glimpse into the world of malware analysis.

Key Takeaways:

Reverse engineering challenges: Malware analysis is complex, especially for new or custom malware. However, reverse engineers can exploit the fact that malware authors often reuse code from previous projects or libraries.

Finding the right tool: The best tool for reverse engineering depends on the situation. Danny discusses using Binary Ninja, IDA Pro, and Ghidra, each with its pros and cons.

Process for analyzing new malware: When encountering new malware, analysts need to identify the existing code (e.g., libraries) and the new code written by the malware author. This helps focus the analysis effort.

Difficulties of different malware types: Large malware is easier to analyze because it often contains pre-written libraries. Smaller malware written in complex languages (e.g., Go) can be trickier.

Challenges of catching malware actors: While finding and catching malware actors is difficult, it's not impossible. They make mistakes, and security researchers can use various techniques to track them down.

Motivations of malware actors: Malware actors can be financially motivated or have other goals. Some target specific entities, while others deploy ransomware and spam malware more broadly.

Biography

Danny Quist is the CTO of Unit129, Inc., a security startup. Previously he has worked at Redacted, Bechtel, MIT Lincoln Laboratory, and Los Alamos National Laboratory as an incident responder, reverse engineer, and manager of security engineering. His primary interests are weird incident response problems, reverse engineering strange malware, and managing security and engineering teams. Danny holds a Ph.D. in Computer Science from New Mexico Tech. He has previously spoken at Blackhat, Defcon, RSA, ShmooCon, and CactusCon.

LinkedIn: https://www.linkedin.com/in/dannyquist

Duration:00:38:18


Blue Team Diaries E011: Josh Stroschein

3/7/2024
Welcome to episode 11 of the Blue Team Diaries! In this episode, our host Peter Manev engages in a conversation with Dr. Josh Stroschein, Reverse Engineer @ FLARE with Google, as they delve into the world of malware analysis.

In this episode, you'll learn: The world of malware analysis can be daunting, but with the right guidance and tools, you can start chipping away at the mystery behind malicious files. Listen to this episode, because Dr. Josh Stroschein will equip you with the foundational knowledge to become a threat-hunting hero.

About Josh Stroschein

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer at Google (Chronicle), where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security related topics.

Where to find Josh Stroschein? The Cyber Yeti, LinkedIn

Duration:00:39:37


Blue Team Diaries E010: Michael DiLalla

2/7/2024
Welcome to episode 10 of the Blue Team Diaries! In this episode, our host Peter Manev engages in a conversation with Michael DiLalla from Penfield Central School District, providing an insider’s perspective on the dynamic world of cybersecurity within the public education sector. Throughout the episode, Peter and Michael delve into various facets of cybersecurity, exploring Michael’s current work project, recounting a hair-raising encounter with ransomware, and dissecting the unique challenges of safeguarding a school system. Michael also emphasizes the importance of logs and scripting and shares practical advice for aspiring cybersecurity professionals. Michael’s passion for his work and dedication to keeping children safe are evident and this month’s podcast underscores the fulfilling reward that comes with protecting educational institutions.

Duration:00:24:57


Episode 009 - Xavier Ashe

11/9/2023
While the main goal for any security team is avoiding a breach, having a comprehensive preparedness plan for when an attack occurs is equally, if not more, crucial. This month, our host Peter Manev is joined by Xavier Ashe, senior vice president of Truist’s Cyber Defense Division. During the episode Xavier shares fascinating stories from the front lines of the cybersecurity industry and explains the importance of organizations being ready and able to quickly pivot and recover from adverse cyber events. Will your plan stand up to the test? Xavier also sheds light on the competitive nature of the cyber industry, especially for newcomers, and why aspiring enthusiasts should embrace the challenges and focus on understanding how the internet and security function. Tune in this month for a riveting discussion that unveils the necessity of being cyber resilient and offers invaluable insights for industry newcomers.

Duration:00:40:27


Episode 008 - Yorkvik Jacqmin

10/12/2023
In the ever-evolving world of cybersecurity, staying one step ahead of malicious actors is critical. What used to be an effective security strategy five years ago may now leave you vulnerable to emerging threats. To safeguard sensitive data and assets, continuous innovation and adaptability are essential. In this month's Blue Team Diaries episode, host Peter Manev engages in a thought-provoking discussion with guest Yorkvik Jacqmin, a senior SOC analyst at the European Commission. Yorkvik shares some captivating stories from the cybersecurity frontlines and explains the development of a new rule detection framework, how it differs from SIGMA, and what impact it has on the threat detection process.

Duration:00:29:57


Episode 007 - Ryan Irving

8/10/2023
Embarking on a career in the cybersecurity field can be a daunting task for those entering the classroom to learn about the ever-evolving challenges of the field. In our newest podcast, we'll explore the indispensable role of mentors in helping to guide and shape the careers of cyber newcomers. Ryan Irving, a seasoned cyber professional who serves as the Security Operations Center Manager, leads a student-operated Security Operations Center (SOC) as part of a degree program at the University of South Florida. The program integrates academia with real-world application and gives students an opportunity to develop the attributes that can contribute to their success as defenders. Join us for this month's podcast, "Paving the Path for Cybersecurity Students," as we discuss the essence of mentorship and explore the ever-evolving field of cybersecurity.

Find him here:
LinkedIn: http://linkedin.com/in/ryan-i-63581229
Twitter: https://twitter.com/rirving77
Cyber Florida, University of South Florida: https://cyberflorida.org/

Duration:00:22:26


Episode 006 - Robert Haist

7/6/2023
With long working hours and tons of responsibility, the cybersecurity field can be very stressful. As a result, mental health and personal life are sometimes left behind. With more than ten years of cyber security leadership experience, the Vice President of Security of TeamViewer, Robert Haist, is joining us this month for an episode of interesting field stories, a discussion on mental health and the power of PowerPoint. Join the conversation between Robert Haist and our host - Peter Manev, and find our guest here: https://orkl.eu

Duration:00:27:08


Episode 005 - Erik Vanderhasselt

6/8/2023
Join us for a conversation with Erik Vanderhasselt that will leave you with a newfound appreciation for the role of cyber defenders. As the principal incident handler for numerous prestigious European institutions, Erik shoulders the task of safeguarding their critical assets from unforeseen threats and plays a critical role in optimizing Security Operations. In this episode, hosted by Peter Manev, Erik discusses the evolving landscape of cybersecurity and shares stories about the dynamic nature of his job, from identifying and analyzing potential threats to coordinating rapid response efforts.

Duration:00:23:59


Episode 004 - Jeremy MountainJohnson

5/11/2023
As the threat landscape continues to evolve, the integration of automation into network security has become an increasingly critical need for organizations to improve the performance of their security tools. Join host Peter Manev and guest Jeremy MountainJohnson, a Security Analyst serving on the board for the Minnesota Chapter of High Technology Crime Investigation Association, as they explore the latest advancements in cybersecurity automation and discuss the areas for improvement.

Find Jeremy:
LinkedIn: https://www.linkedin.com/in/mountainjohnson/

Duration:00:38:15


Episode 003 - Carry Kangur

4/6/2023
Locked Shields and Crossed Swords are the two biggest annual cyber exercises, but who makes it all possible? Meet the Head of Cyber Exercises in the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) - Carry Kangur. Learn how more than 300 people work together daily to create the opportunity for cyber defenders to learn new skills and meet with other professionals from around the world. Join Carry's conversation with our host - Peter Manev, and get insights into the day-to-day management and planning in NATO CCDCOE.

Find Carry Kangur and CCDCOE:
LinkedIn: https://www.linkedin.com/in/carrykangur/
Twitter: https://twitter.com/carry_the_k
CCDCOE: https://ccdcoe.org/

Duration:00:21:34


Episode 002 - Joost Bijl

3/9/2023
Dive into the world of network security monitoring and hear the stories of the product manager of Hunt & Hackett - Joost Bijl. With more than 20 years of experience in the field, he has seen a lot and is excited to help other security practitioners learn from his journey.

Duration:00:20:47


Episode 001 - Diana Kelley

2/9/2023
Books, start-ups, cyber emergencies or podcasts? Diana Kelley has done it all. With more than 30 years of experience in the cyber field, she has seen a lot and is excited to share some interesting moments of her path. As an expert in the industry, Diana realizes the importance of helping young people and women enter the cyber field. She is currently the Chief Strategy Officer of Cybrize, founded by her and Valmiki Mukherjee, and serves on the board of Cyber Future Foundation, WiCyS, and Executive Women's Forum. Check out our Episode #1 with Diana Kelley, and find her and the projects she's working on here:

Diana Kelley's LinkedIn Profile
Cybrize
Cyber Future Foundation
WiCyS - Women in Cybersecurity
Executive Women's Forum

Duration:00:36:14


Welcome to Blue Team Diaries

2/1/2023
For cybersecurity defense professionals seeking entertaining stories from their peers, Blue Team Diaries celebrates defenders by giving them a platform to tell their experiences. Blue Team Diaries is 100% focused on honoring those who work to defend their organizations and to build tools for defenders. Each episode is an interview-style conversation between the host and one guest. Blue Team Diaries is a podcast by Stamus Networks that is available in audio and video formats wherever you get your podcasts.

Duration:00:00:35