Snake Oilers: Socket, Teleport and Mandiant's Purple Team

Roll up roll up!

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here.

We’ll hear from three vendors in this edition of Snake Oilers:

  •, a software supply chain product that currently deploys as a GitHub addon
  • Teleport, a company that makes a secure access gateway/single sign on product for engineers to securely access infrastructure
  • Mandiant joins us to pitch its Purple Team engagement product


Srsly Risky Biz: After Viasat, Space Systems Get Scrutiny

PLUS: Cyber diplomacy and disaster relief take flight...

In this podcast Patrick Gray talks to Tom Uren about a report by CSC 2.0 that recommends the US government designate space systems as critical infrastructure. Lots of satellites systems are already covered under other critical infrastructure sectors such as communication or defence, but Tom agrees that there are some good reasons to carve out a space-specific critical infrastructure sector.

They also talk about the US State Department working on developing a portfolio of cyber diplomacy “offerings”, ranging from disaster relief funding, to technical capacity building, through to policy-level cyber education. This seems like a great idea.

Risky Business #702 -- 3CX: It's like SolarWinds, but stupider

PLUS: Why Wiz's latest AzureAD research is worth a second look...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Why 3CX was the dumbest supply chain attack we’ve seen
  • Why Wiz’s AzureAD research was a showstopper that didn’t get the attention it deserved
  • How attackers are burning down cloud infrastructure
  • The latest from the world of spyware
  • Much, much more

This week’s show is brought to you by Nucleus Security. Chris Hughes from Aquia is this week’s sponsor guest. He appeared at Nucleus Security’s invitation.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Between Two Nerds: The NCF's Practical Guide to Offensive Cyber Operations

The UK's National Cyber Force explains how it uses offensive cyber operations to mess with people...

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the UK’s National Cyber Force’s recently published “Responsible Cyber Power in Practice” document. The Grugq thinks he’s been plagiarised, while Tom wonders whether the NCF’s “doctrine of cognitive effects” highlights the limits of cyber operations. It’s a good document and will be influential in shaping how people discuss offensive operations (those that disrupt, degrade, destroy etc).

Risky Biz Soap Box: Haroon Meer on why the VC apocalypse is great news

The wicked will be punished! The righteous will ascend!

In this Soap Box edition of the show, Thinkst Canary founder Haroon Meer joins us to talk about why the sudden pullback in venture funding in infosec is actually a good thing.

He thinks this will give founders licence to slow down and actually focus on making good products, instead of trying to build a company around vapourware or a minimum viable product.

Risky Biz News: Genesis Market goes boom

PLUS: Kaspersky spies final 3CX payload; Western Digital discloses hack; Australia and NATO ban TikTok.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

Between Two Nerds: Why Glowing Symphony Feels So Small

In 2016, US Cyber Command changed ISIL's passwords while Russian operatives interfered with the US Presidential election...

In this edition of Between Two Nerds Tom Uren and The Grugq contrast between different cyber operations that occurred in 2016. In one, US Cyber Command used cyber operations to attack ISIS’ propaganda operations. In the other, Russian cyber operators interfered with US Presidential elections. US action was tightly scoped, measurable and an underwhelming success, whereas Russian activity was nebulous and hard to measure but could have changed the course of the election.

Srsly Risky Biz: Army. Navy. Air Force. Cyber Force?

PLUS: UK's National Health Service gets its own cyber strategy

In this podcast Patrick Gray talks to Tom Uren about the a thought bubble floated by military cyber professionals that the US armed forces needs a US Cyber Force. The justification is a bit light on and Tom doesn’t really think the proposal makes sense.

They also discuss US Cyber Command’s “Hunt Forward” operations. In these operations partner countries invite CYBERCOM in to hunt for adversary activity. Access to networks is touchy stuff, though, so CYBERCOM spends a lot of time and effort in diplomatic efforts convincing potential partner agencies. We think these types of activities are great but in some parts of the world — think Asia — a warmer and fuzzier branding might be the go.

Risky Business #701 -- Why infosec is wrong about TikTok

PLUS: White House drops executive order on spyware...

NOTE: Patrick’s audio is a bit degraded in a few parts of this episode. It’s still clear enough, but if you hear some degradation in parts then yes, it’s us, not you.

On this week’s show Patrick Gray, Adam Boileau and Tom Uren discuss the week’s security news. They cover:

  • The Biden White House’s executive order on spyware
  • Why the infosec community writ large is wrong on TikTok
  • Clop campaign: it’s time to ditch your file transfer gateways
  • Major Android app booted from store because it was full of 0day privesc exploits lol
  • More detail on the BreachForums admin arrest
  • Much, much more

This week’s show is brought to you by runZero. HD Moore, co-founder of runZero, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that’s your thing.

Between Two Nerds: The Real Problem with TikTok

Many of the dangers of TikTok are overstated, but it is still a real problem...

In this edition of Between Two Nerds Tom Uren and The Grugq look at what the real problems with TikTok are. Many people are focussing on risks we think are irrelevant or overblown, but it is a massively influential app under Chinese Communist Party control.