Champagne with Our Campaigns: A 100th Episode Happy Hour Artwork

DISCARDED: Tales From the Threat Research Trenches

DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about the threat behaviors and attack patterns. Each episode you’ll hear real world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more.
Welcome to DISCARDED

All Episodes

DISCARDED: Tales From the Threat Research Trenches

Champagne with Our Campaigns: A 100th Episode Happy Hour

April 28, 2026 • Proofpoint • Season 1 • Episode 100

0:00 | 1:00:04

Send us fan mail!

Hello to all our Cyber Pals, Cyber Centaurs, Cyber Stars, and listeners who have been with us for 100 episodes! It’s our 100th episode—and we’re raising a glass to celebrate. 🥂

Host Selena Larson is joined by long-time guest hosts, Sarah Sabotka and Tim Kromphardt, and honorary host, VP of Proofpoint Threat Research Daniel Blackford, for this commemorative episode of Discarded! We reflect on the journey so far, revisit standout moments, and look ahead to what’s next in cybersecurity.

From unforgettable guests and inside jokes to real lessons learned from years of tracking threat actors, this episode is part celebration, part reflection, and part unfiltered cyber chat.

We dig into:

Favorite podcast guests and the insights that stuck with us
The reality vs. hype of AI in cybersecurity (and what’s actually useful)
How threat actors are evolving—and where they’re… not
The surprising truth about targeting, myths in the industry, and why attackers don’t need to be sophisticated to be effective
Behind-the-scenes looks at the tools and research we’re building right now

Plus, we answer listener questions, share a few laughs (and a few drinks), and talk about what the next 100 episodes might hold.

Whether you’ve been with us since episode one or just discovered the show, this milestone episode is a thank-you to our listeners—and a reminder that cybersecurity is as much about people as it is about technology.

Cheers to 100 episodes. 🍾

Resources Mentioned:

https://www.nytimes.com/2026/04/04/technology/ai-chatbots-teen-roleplay.html

For more information about Proofpoint, check out our website.

Subscribe & Follow:

Stay ahead of emerging threats, and subscribe! Happy hunting!

SPEAKER_01 0:03

You're listening to Discarded: Tales from the Threat Research Trenches, a podcast by ProofPoint for security practitioners. Each episode you'll hear from security researchers, malware analysts, threat hunters, and more as we dive into what's going on in the world of cyber attacks and how defenders safeguard us from threats. Let's get into the show. Hello to all our cyberpels, cyber centaurs, cyberstars, listeners who have been with us for 100 episodes. Hello, everybody. I am your host, Selena Larson, here on the Discarded Podcast with my co-host, Sarah Sabodka, Tim Crompart, and honorary co-host today, Daniel Blackford, VP of Far Research. Daniel, welcome to the podcast. I saluted the listeners couldn't see that, but well, and I right now am proposing a toast because this is a special episode. It is a happy hour episode of the Discarded podcast. So cheers to our listeners. Cheers to everybody on the podcast right now, whatever your beverage is drinking. And cheers. Thanks so much for tuning in.

SPEAKER_03 1:15

I do think one of the initial suggestions for Discarded was that every episode was a happy hour episode and that the title should be champagne with our campaigns.

unknown 1:26

Yes.

SPEAKER_01 1:26

And Daniel, whose idea was that?

SPEAKER_03 1:28

Saluda reference. I have no idea, Selena. I don't remember. I just remember that it was an idea.

SPEAKER_01 1:33

It was your idea.

SPEAKER_03 1:34

Oh uh huh. Nope. I would never suggest something. It'd be a veritable champagne supernova, if you will.

SPEAKER_01 1:40

Oh, I like that.

SPEAKER_03 1:42

So shout out to all the Oasis fans in the audience.

SPEAKER_01 1:47

Exactly. Well, I do think this is a very special moment for us. It is a hundred episodes when this started. When did we start this? Years ago.

SPEAKER_03 1:56

Years.

SPEAKER_01 1:57

I actually didn't even know it was a hundred episodes coming up until our producer was like, oh my gosh, it's gonna be a hundred episodes. What are you guys doing for it? And I said, Wait, really? I've done this a hundred times. Technically 99 times because Sarah stepped in for me when I was sick and dying from the flu. So womp womp.

SPEAKER_00 2:14

But I made it sound really cool. Like you were off doing something like super secret ninja disrupting cybercrime and everything. And you just you just blew my cover on that one.

SPEAKER_01 2:25

Oh, right. Well, whoops. I had the flu. But I appreciate I appreciate you covering for me, Sarah. It was fun. Thank you for letting me do that. So to celebrate a hundred episodes, we asked our audience, our listeners, our friends of the podcast what they would like to hear from us and if they had any questions from our audience. We did get one question from Mike Raji, who is now a threat researcher at CrowdStrike, and he asks, Who was your favorite podcast guest of all time? He wanted us to say himself. So no one is allowed to say Mike.

SPEAKER_04 3:02

Setting us up for that.

SPEAKER_03 3:04

I I will say that it is legendary that Mr. Raji had Proof Point referred to by the Chinese foreign ministry as the white glove of the US government. That is that is one of the coolest things that has ever happened to Proof Point for sure.

SPEAKER_01 3:20

That's true. And he did come on our podcast to talk about China APTs multiple times. If you miss those, they are in our archive, so definitely check them out.

SPEAKER_04 3:28

But does he own a set of actual white gloves?

SPEAKER_01 3:30

I think probably for this, yeah.

SPEAKER_03 3:32

Like I'm positive that he does because I'm pretty sure that he like prior to being purely cyber, he inspected art uh as as for as forgeries, right? Like he would verify the authenticity of various paintings, and I'm positive that requires white gloves.

SPEAKER_04 3:48

One of the most international man of mysteries, you know.

SPEAKER_03 3:53

I do commie too, like going back to his question though, I I I do think I have an answer. I would say that in general, I always love to hear from guests that are working on things that I know a little bit less about, or I like I don't know them as well, so they have perspectives that I haven't necessarily heard. So I love I love when like Dr. Bob comes on or uh I Alan Liska's uh episodes are classic, but the quote that has stayed with me through all the episodes would go to to Alex Pinto uh on the question of whether who I just saw at RSAC, by the way, but on the question of whether attribution matters, and his answer what was only uh only if you have handcuffs or missiles.

SPEAKER_01 4:42

So that was that was a pretty epic conversation talking about the Verizon data breach report that was released a few months ago. He's just a fantastic interview, too. If you haven't listened to it, definitely go back and check it out. There were many, many gems, including the one that Daniel mentioned for sure. Sarah, I know you love Dr. Bob and you make up the best metaphors every time.

SPEAKER_00 5:06

I do love Dr. Bob. He he like makes my brain so happy, but I was literally, I was also gonna say Alex Kittle from Verizon for my favorite guest. And I'm not just saying that because Daniel said it, but really, he yeah, he was awesome. Lots of really good things. You did you were in my brain, but yes, I I love Dr. Bob so, so, so much. Um, I could just, I would love to host a podcast, just he and I as the hosts. So um he's a wonderful person. Uh lots of really I mean, I he taught me about the amygdala hijack, which is something that I carry through pretty much every customer or public or you know, private presentation. It's really fascinating and it makes it like kind of makes the social engineering make sense to people. So I love it. And the amygdala hijack is it is when your brain, your prefrontal cortex kind of has takes a back seat because your brain is in such such overdrive when something like creates anxiety or excitement or scares you and basically derails your whole thought rational rationale process. So yeah, he puts it a lot more eloquently in his episodes. So definitely go check those out.

SPEAKER_01 6:14

Yeah, we have multiple on the psychology of social engineering, which helps people understand why this stuff works. Because fundamentally, social engineering is not a technical problem, it is very much a human one. Tim, if you say Alex Pinto, we're gonna have to re-record this entire segment. No, you can't all love Alex Pinto.

SPEAKER_04 6:33

I was gonna say Wired's andrew coates. I love talking with him uh about the FOIA requests and everything. It was a really good time and it's really interesting conversation. So, and he's just cool, cool dude.

SPEAKER_01 6:43

We've had a couple of great guests. Andy Greenberg joined us as well on the discarded podcast. His conversation was absolutely fascinating, talking about cybercrime and his books on tracking threat actors on the dark web and how crypto can actually be used for attribution. And it's really interesting how that is seized and used in court cases. That was a fantastic conversation. Tim, when we brought other Tim on to talk about the time he got scammed and was cyber attacked and lost a bunch of money because he fell for a fake laptop scam. So a firsthand account of being victim to scammers. We've had just an absolute ton of people. I do have to say, I I love when we go off the rails a little bit, like Janina Poe's dramatic reading of an email posing as who was it? Robert Redford, Clint Eastwood, uh, one of those guys. That was fantastic. And our, of course, karaoke host, Greg Lesniwich. Every time he comes on, he sings a song. So we've had so many amazing, wonderful guests on our 100 episodes. It's impossible to pick a favorite. So tell us what was your favorite? We'd love to hear from you because we would like to bring them on, bring them back, bring them, you know, more of the content that you are listening to. So I also kind of wanted to talk about Daniel. As you're here with us, you were just at RSA. And I think you're so happy to be at RSA. And I think I think that right now we're in a very interesting time for cybersecurity, and I'm constantly being asked things like, oh, how is cybersecurity like being changed by artificial intelligence? And I saw a bunch of uh reviews of RSA that were like, oh my gosh, there was nothing besides AI anywhere. And it was honestly kind of overwhelming and confusing how the industry is going. And, you know, I kind of wanted to talk about because we talked about it a lot on the podcast in terms of like how threat actors are using it. You know, we've had Tommy come on to talk about Trust Connect. I've certainly ranted about it. But I'm curious, you know, like what are we actually expecting as we move forward? What are the next hundred episodes gonna include mentions of artificial intelligence and LLNs?

SPEAKER_03 8:49

Dr. Bob's gonna come on and talk to us about a new branch of psychology that is specifically therapy for agents and and what what we learn about the way that they uh that they process. No, like it's it's fine to go to RSA C, right? Like you have to say you have to say C or they'll fine you.

SPEAKER_01 9:10

Oh my bad, RSA C.

SPEAKER_03 9:13

Watch out for that legal letter that's coming your way, Selena. But it like, you know, there's a lot of shaking hands and kissing babies. Uh no, I didn't I didn't kiss any babies, but it did shake a lot of hands, and I talked to a lot of customers, and obviously I was down, you know, on the expo floor. And to your point, it is a little overwhelming. I actually made the joke that I would love to see a a graph of the ambient temperature in that space over time as more and more of the booths like just became consumed with neon lighting and uh incredible tech, right? Like over time, what how many how many average degrees have we gone up? And humans and their bodies and humans, though I think attendance-wise, this was uh kind of a down year, but yeah, yeah, absolutely. And I I think like I think the this is the case for for a few reasons, and we'll get to what the next 100 episodes hold afterwards, right? I think like the pace the technology is being improved, and the capabilities that go along with that is incredible. And so people who were doubters, you know, people like Selena Larson, maybe six months ago, are maybe less less doubters now. And in that time frame, you know, we're not at the end stage yet. Things aren't operationally optimized, min-maxed, locked in. We're you know, we're still experimenting, and maybe there's greater and greater adoption over time, but there is also still a lot of uncertainty as to what the you know final form is going to look like, if if we can even say final, right? And so I think also at the same time, you have the same technology enabling people to start businesses and they want to ride the you know capitalism wave and be the ones who are providing the service that is ultimately going to replace all those people who are are being displaced, right? And so I would say, you know, probably 60% of the businesses in the Muscone Center, if they're purely AI focused, some new AI solution and not incorporating AI, you know, smartly into an existing solution, might not be in business next year. So so like there's there's part of that, right? But to circle back to the point on the next hundred episodes, I also think that it's like inevitable that we are moving toward this agency future, and it's reasonable and it's part of doing due diligence to figure out how you're going to actually protect those things. I love the fact that we're constantly getting comments and questions from customers on what the right steps are. I mean, there's also like shadow AI that is, you know, you know, op open clause being deployed on people's machines locally in places, but at the kind of organizational or systemic level, uh, I think it's a credit to how far the industry has come that instead of just going forward with you know, throwing caution to the wind, people actually want to know how they how they can best uh secure their data, secure their people.

SPEAKER_01 12:25

I have a couple of comments on your comments, Daniel. First of all, I would like to push back on this slander that Selena likes AI now that I have heard from her. That's what I heard twice today.

SPEAKER_03 12:35

She's vibe-coded her own apps.

SPEAKER_00 12:37

Yeah, she's very much into it.

SPEAKER_03 12:39

How many graphs have you shown me in the last two days?

SPEAKER_01 12:43

First of all, probably like a dozen. But second of all, I think that there's this interesting gap where AI and LLM use cases for actual productivity has just gotten better and better and better. And I am, you know, buying into that. I do think it's cool. I did have a little bit of imposter syndrome and I was feeling overwhelmed with everything because I feel like this AI stuff has just been dumped on people with no like vision or cohesion or like just use it. It's like, okay, well, you know what, how? Like, how am I supposed to use it? How do I incorporate this into my workflow and how do I make things better? Um, talking with my hands and I'm I'm throwing my headset around and knocking over my drink, guys. It's really a truly a happy hour in Selena's floor, which I am sitting because my house is under construction. But I will say that there's this big gap in between between like Gen AI and like AI for productivity, because I feel like while AI for productivity is getting a lot better, the societal outcomes of Gen AI are getting worse. And it makes me sad. And I still don't like that aspect of this technological future where people are getting advice on how to self-harm themselves by talking to these chat apps. And there's no real accountability for, you know, people talking to them for 20 hours a day. There was a New York Times article that came out about how teens are using it. But I did think it was interesting how it noted that some of the teens over the course of a year got bored with it and realized like, wait a second, this isn't how I should be spending my time. Like I want to go back into the real world. And there was like studies done about how uh it improved their happiness and like how they were perceiving themselves when they stopped using gen AI tools to talk to and and to in and to play with. So and they call it play too, which I think is really notable. But yeah, I don't know. I I am on board with the with the productivity though. So yes, I have built I have built an app. It's cool. I make graphs now. That it saved me like hours and hours and hours. Which is nice. So Daniel, Daniel said I'm a data scientist.

SPEAKER_03 14:49

Yeah, absolutely. You know, you have coded things that previously, yeah, would have taken people hours or days, and the data analysis is there and it's good, and you know, now that like the sky's the limit. If you want to, you know, look at it from a different lens or perspective or incorporate another data set, you can you can do that, and that's amazing, right? And I think we already work with so many talented, intelligent, productive people getting the most out of the technology, like it just turns them into superhumans. I I don't know. It's amazing. Like, I don't have as much time now that I have to do leadery stuff to work on interesting investigations or you know, campaigns, actual activity as I used to data analysis. I just don't I don't have as much time, but you know, coding assistants give me the opportunity to actually produce some fun things uh, you know, in half an hour, which I can fit into some days, right?

SPEAKER_01 15:55

But Greg asked us a really good question. And Sarah and Tim, I'm curious as to your thoughts on this. With all of the Gen AI stuff, do you feel yourself busier? Like so more busy, less busy, same amount of busy.

SPEAKER_04 16:11

Same amount of busy, but pain points are kind of sanded down, right? Like it's not completely gone, but like things that would normally take, like, especially with like large IOC lists and things like that, you get those. Instead of having to manually go through those, figure out some regex, it's gonna work for that, blah, blah, blah. You can take 10 minutes or 20 minutes, make a little vibe-coded app that can just do all that for you. And then from that point on, you save yourself 30 minutes or whatever per day. You know, 30 minutes a day doesn't sound like much, but it does add up and it does help a little bit. But is it like life-changing? Not necessarily, but it does help and it makes you a little bit more productive, which is great, and it's empowering, right? And I think that empowering part is really important because if you can empower yourself to do these things, you're still valuable in this new AI world. And if you are not able to do that, companies are just good, you know, they're gonna do what they're gonna do, right? We don't encourage in this capitalist society uh altruism and just charity. So you have to prove your value, and unfortunately, that means uh adopting some of these techniques, and otherwise, they're just gonna find someone that can do the work of uh you know vibe coding two people away, you know, and they're gonna give that money to that person and take most of that themselves. So I I think it's important that we all skill up and and move forward with that.

SPEAKER_01 17:29

So that's what I feel. And think about universal basic income.

SPEAKER_04 17:33

Right, Sarah. Yes, please think about that. Please think about that.

SPEAKER_00 17:37

So I thought that was a really awesome question, and it made me that Greg asked, and that made me think a lot. Like, because I actually do like my first instinct was to answer, I feel overwhelmed. I feel busier, I feel overwhelmed, but it's not that. It's actually um, the more I reflect on it and kind of listening to what Daniel was saying, is that so my role is one of those hybrid roles, right? So I'm a researcher and I also do a lot of speaking engagements specifically with customers, prospects, and things. And that, if anybody is not aware, when you're doing a speaking engagement, that takes a lot of like behind the scenes time and energy. It's exhausting and so much, so much work for like 45 minutes to an hour of talking to somebody. So I for a while had kind of felt like a little discouraged because my research was like kind of taking a backseat because I was doing more customer stuff and I had been working on some really interesting research things, but hadn't kind of really broken through the floodgates of something cool. And over the last several weeks, I've gotten more into the, you know, not really vibe coding, but using LLMs to create scripts and little tools and such to surface a lot more. So now I feel like I'm busier because I have more access to the threat data because of stuff of the surfacing that I've been able to do with these tools. And now it's like I'm like always out, like super, super like, okay, I can do this, I could do this, I could do this, I could do this. And now I'm just thinking of like what more, more, more I can do with these really cool things that are time savers, that are doing things that would, you know, in a small period of time that would take me probably months to do and a lot of like pressure on myself. So I am not overwhelmed in a bad way, just more overwhelmed, I think, by the excitement and the potential for what more can be done. Uh and I'm finally am seeing the actual value of these tools. Like I'm a I'm a you know a big fan of I'm we can't endorse any chat bots, I don't think, but um, or LLM tools, but I'm a big fan of a certain one. I found really great success, success with it. And I I, you know, that's my go-to. And it just feels uh it just feels like it's getting easier to to get what I need from it the more I use it. So so yeah, I I'm busy, busier, more productive, more refined. Is that a good word for it?

SPEAKER_01 19:54

Yeah, I think it's yeah, and I and I think it's interesting too, because as we've seen from the threat actor perspective, Tommy made a great point. Tommy, we love Tommy Majar. He's a friend of the podcast, had a great uh conversation with him a couple weeks ago, but he made a great point. Well, he spent so much time with these, by the way, you guys. I don't think there's really anyone else who has put more like time on clock.

SPEAKER_04 20:16

Or vibe coder in chief.

SPEAKER_01 20:18

He's a vibe coder in chief. Rough proof point. But I think it's important to note that caveating all of this, it's helping us because we know what the data is and what the data source is, and we can validate that it's correct. Um, because Tommy's run into some issues where it's wrong and it just says, oh, you're correct, and you have to fix it because it'll give you the wrong answer. It'll give you bad data. And, you know, I'm really hoping that he can come on in a future in a future podcast and talk about some of the stuff that he's learned by honestly trying to break these things. Like, how are they useful for threat research or not? And I'm hoping that maybe we can share some examples of stuff that we've worked on. And I don't want this whole podcast to be talking about AI, but maybe if we could kind of just like go around the room and talk about like what are some cool things that we have built that have made our lives easier that maybe our audience can take away some inspiration from.

SPEAKER_04 21:11

I was gonna say, real quick, uh, I'm very comfortable talking with liars because I work with threat actors all the time. But I will say talking to a chat bot is a lot like talking to a threat actor because a lot of the time it's lying to you so convincingly. Like it was talking to me about how it can't recall previous conversations with me and it doesn't have access to certain, you know, information out on the internet. But it was like talking about, oh yeah, last time we talked about this, you know, this was a perfect example of how you've grown as a person or whatever, you know. And I was like, you just told me you don't remember these conversations. This is literally the first time I've talked to you about this. So what do you mean? It was like, oh, well, you know, in the general sense, I'm saying that, or maybe it's from my training data. And so it backpedaled a little bit, but like it will constantly lie. So if you're not vigilant, just like in All things cybersecurity, you can be really pulled in and sucked into these things. And I think that's yeah, that's that's not great.

SPEAKER_01 22:06

But Tim, should we be worried about you that your chatbot is saying you've grown as a person?

SPEAKER_00 22:10

Is there chatbot psychosis in your future? Not to joke about that, but yeah, no, no.

SPEAKER_04 22:15

That the funny thing was because I was talking about hey, I'm I'm making a vibe-coded app, right? I don't do much coding, but here is some or you know, code that I want to take and like extrapolate out from. And it was like assuming that I wrote that code, so it was like, Oh, yeah, you've grown, you know, you've grown as a person. This is great. I was like, You've grown as a person, yeah. You can copy and paste copy and paste. What is going on? Uh yeah, that that was Chat GPT, and that was actually around the time that I was like, I canceled it, honestly, because it was becoming so like you know, the sycophant or whatever, uh, and just yes manning everything. I was like, I I can't handle this, so I'm I'm I'm out. So yeah.

SPEAKER_01 22:54

Yeah, Tim, I think, you know, I think your use case is super interesting because you've made a lot of tools, and I do think, you know, determining which tool works best for you is really important. Daniel, I'm I'm curious, like you have been working on a really cool database tool, and that's kind of my use case also. So I'm curious, you know, like, do you think that threat researchers, threat intelligence analysts can can use this type of stuff? Like, are there any is there any advice for threat researchers that are trying to do database that might not have um that data science background to be able to produce some of this stuff?

SPEAKER_03 23:25

Yeah, sure, right? So, like this is stuff that I used to do myself, like very manually, right write the code. And I think in some cases it may not be perfectly applicable because you do have to have a lot of data, and that's a problem that we have at Proofpoint. Yes, uh a problem, right? Because whereas a lot of other organizations are, you know, scraping every possible telemetry source that they can in OSINT a little bit on their perimeter, uh, joining various sharing groups to get IOCs. We have the opposite problem where we have we have to like figure out in this sea of hundreds of millions to billions of threats which ones are the most important, which ones do we prioritize? How do we separate something that's like very common from something that's very rare? Um, and so certainly filtering and clustering that is something that needs to be done programmatically, and so you can try a lot of different methods, different clustering algorithms, you know, different filtering, and you can prototype those things really quickly with LLM. So, so and then you know, you want to draw insights out of them too, right? So, um, you know, I have largely been using Hollow Views as a graphing library to just kind of rapidly and dynamically show interesting things uh in in various data sets. Um yeah, that's I like Mapplotlib is also good. I this is a it's a classic, it's a standard. But yeah, mapplotlib, you know, that's I'm not gonna say that's the training wheels, Selena.

SPEAKER_01 25:00

You can say it's the training wheels. It's okay. I I fully I fully own that and I am uh that I am uh that I am a baby coder.

SPEAKER_03 25:07

I mean it's it's the bread, it's the bread and butter, okay? Training wheels is the wrong word. It's it's this it's the standard, but uh, you know, you can there are other libraries that you can do very cool things with, make them, you know, interactive, post them on the web, people can play with sliders.

SPEAKER_01 25:22

Yeah, some interactive JavaScript. Yeah, yeah, yeah.

SPEAKER_03 25:24

Yeah, yeah.

SPEAKER_01 25:25

That's I got I look, I have a lot of requests now that I have shared my tools with people. Like, you should do this with it. And I said, I will put it on my ever-growing to-do list. I think actually going back to that question about like, is it more, or do you have more or less time? I find that I I'm so much more, I'm so much busier. I'm so much busier with AI stuff.

SPEAKER_03 25:45

But but is but is it is it fun busier, right?

SPEAKER_01 25:50

Like I feel like I could I feel like I need a clone of me to do all the stuff that like needs to be done.

SPEAKER_03 25:56

Code and agent. No, as as a techno as a technologist, though, right? Like I I'm just someone who is interested in in technology. I'm like passionate about it. I want to understand how it works, I want to get the most out of it and and use it, right? So yeah, yeah. Maybe they're maybe you're doing things more contiguously throughout your day. But if some of those things are more fun or are exploratory, then maybe you know, different parts of your brain are being tickled. We could ask Dr. Bob, uh, you know, outside of the amygdala, uh, what regions are being stimulated.

SPEAKER_01 26:28

It's the ADHD urge to hyperfocus on building a tool that you'll look up and you're like, oh, it's six o'clock and I haven't eaten breakfast.

SPEAKER_02 26:37

Gotta achieve flow state. If you're not achieving flow state, what are you doing with your life?

SPEAKER_01 26:40

Yeah, yeah. No, you're correct. You're correct. Yeah. I told I told Sarah earlier, I was like, I gotta stop working on this, I gotta go do other things. Gotta get back to the other stuff, matherless.

SPEAKER_04 26:49

It will suck you in though, for sure, until you hit your your token limit, which is great, you know, that we have this.

SPEAKER_01 26:55

It's a good, it's a good like withdrawal thing. It's like bricking your phone for social media. Yes. You know, like big fan of that.

SPEAKER_03 27:01

But my my token limit in my personal time is my bank account.

SPEAKER_04 27:06

So yeah, so maybe not.

SPEAKER_01 27:10

I am not. I have there's zero AI in Selena's personal time. I have to say, uh, we're I'm fully uh not on that, uh, not on the AI outside of work.

SPEAKER_03 27:21

Well, it's it's it's fun, it's fun stuff though, right? Like I'm I'm writing this game solver, uh a Monte Carlo tree simulation with replacements so that I can crush people at the Star Wars Unlimited Galactic Championship this summer.

SPEAKER_01 27:33

You know, you know what? I just I just lied to everybody. There was some brief AI use outside of Oh, it was on, yes, it was on fantasy basketball.

SPEAKER_03 27:41

I remember this.

SPEAKER_01 27:42

Me and my husband are in a fantasy basketball league with some of our amazing cyber friends. And look, I got first place in the loser bracket. So just saying I got fourth place. Uh fifth place? I can't remember how the loser bracket works, but I was like, it would be so fun if we could create an agent to go back and look at how we drafted versus the outcome. And so my husband has a personal LLM that he uses, and he's like, my wife is asking me. The prompt was my wife is asking to look at our uh fantasy draft in basketball and the outcome of all of our teams. How did we do? And it was shockingly fun. Um, and it came up with like some burns for you know the people who weren't the loser champion um of the fantasy league. But I have to say that was the one time and I was like, ooh, this was fun temporarily, but I don't know. I don't I don't know if I want to invest all my time into creating a like uh a summary of my fantasy basketball addiction because let me tell you, it was bad this last year. I was I spent way too much time on the ESPN app. All right, so pivoting a little bit, I want to talk about cool things that we're working on. So as hosts of the discarded podcast, we rarely get to actually talk about stuff that we're doing. And Daniel, you are the vice president, you're like the big boss man. And even though you're my BFF of Proof Point, you don't get to come on and talk about cool stuff that you're working on. But you have built some really cool tools recently. And I know Tim and Sarah are working on some really, really interesting threats. And I'm curious, can you give us a little sneak preview of some of the stuff that you're working on? And how does it fit into the broader themes of the threat landscape that we are seeing as we move into this sort of, I don't want to call it a new era of cyber threats because it's just the same stuff. It's the same stuff with a different, you know, outfit on.

SPEAKER_00 29:41

I mean, full disclosure, I think we all know here we have uh a little bit of a smaller group of threat actors that we track formally that are engaged in business email compromise and fraud. You know, those like social engineering-based threats. They're a little trickier to kind of fit into our incredibly thorough and special proprietary secret sauce of attribution that I call it the attribution matrix. So we are we are biased to credit. Yeah, it is, it is, I mean, to be to be fair, it is kind of easier to evolve a threat act threat cluster into an actor. Daniel is boring more for this to prepare.

SPEAKER_01 30:22

Actually, I'm gonna top myself off too. It's a new topic. It deserves it deserves a little bit more.

SPEAKER_00 30:28

So my tool, um, I wanted, I'm working on um, I'm tracking threat actors that are specifically using like W9 PDF attachments. Um, it's it's your kind of traditional invoicing lure, um, but they are now uh the messages are now carrying with them an additional attachment that's a W9, just to add legitimacy to their scam, essentially. And longer language, more uh high value impersonation are hard, you know, of executives and language that makes sense and fits the context of the targeting. So I really want to, my goal. I mean, I've been here now, proof point for it'll be five years at the end of this year. And uh I talked with this about Jared on the last podcast is to have your own like threat actor to actually like establish a threat cluster and graduate it to a TA name is kind of like a like a holy grail or a white whale or whatever, you know, term. It's like the, you know, the thing. It's like, yes, I'm so proud of it. So that's what I really want to do this year. So my tool that I I kind of came up with, and I figure, you know, with these threats, they're not, you know, there's not malware infrastructure to track, there's not credential phishing infrastructure. There's like very little infrastructure to track, to be quite honest. It's like reply to addresses and registrations and things like that.

SPEAKER_01 31:43

I was actually gonna ask if you could give our listeners kind of an overview. Cause yeah, like we do track infrastructure, but with BC actors, it's emails mostly and phone numbers and yeah.

SPEAKER_00 31:53

Yeah, and mine don't my guys don't even have, or guys are gals, or they these are them or the A's or whatever, they don't have phone numbers. So it's like really hard, and they're they're doing a lot of brand impersonation, like brand misuse. So it's very tricky. So I built this tool. Well, it's it's a script to be clear. It's a very long, uh, intense script. It's still in in process or in progress, but um to kind of pull metadata from the message, right? The attachments, pulling stuff from headers, and it's a ton of data. So it's like really kind of hard to just do this on your own. Like, I was doing it in an Excel sheet like by hand at first. I was like, this sucks. This is so bad. So when like we, you know, started doing more stuff with AI, and we have we know we have agents now or or LLMs to use, I was like, let's do this. So um just parsing all the data and then mapping it and mapping the similarities and the overlaps. And I'm starting to see it's still kind of like a mind twister, we'll call it, because I'm like, are these separate clusters? Are they the same cluster? Like one day I'll be too super convinced that it's like three or four different clusters, and then the next day they'll all be using like the same reply to. So it's it's really like quite uh a circus. So this this script, this tool is helping to visualize the the association, like the the similarities, the themes, the the even the metadata from the PDF attack, like how they're being created, and starting to map it a little bit more with like some of the open source reporting too, which is really exciting. There's I know Fortra wrote a report on scripted sparrow, which is a threat actor uh that's you know, got overlap with another threat actor in our data. So I'd be really excited to actually have like full over like to establish full overlap with them so we can have those similarities. But but yeah, so trying to do that with trickier infrastructure, like it's like a lack, I guess we'll say a lack of infrastructure, like as in nowhere and cred fishing, uh, has been really, really fun. And I think that, you know, as threat actors, I think I feel like threat actors engage in more of that benign combo stuff. I know we did a whole human factor report on it. I know APT actors do a lot of benign combo. I think it, you know, in this day and age of AI, maybe threat actors will do that more and more, and there will be a couple more steps and a couple more messages before the actual malicious payload or the malicious URL comes through on the pipeline. Uh, maybe the script could help really just prevent all of that or track all of that before we even get to that malicious payload or the URL or the attachment.

SPEAKER_01 34:27

So I want to highlight just for our listeners some of the characteristics that you are looking at as a fraud hunter. So you mentioned the PDF hashes, and we actually had Kyle Eaton on to talk about the PDF hash, basically a matcher tool that he created for our sandbox. So we can look at similarities in documents and PDFs. That's actually really cool because we've seen some overlap in PDFs that don't look the same but contain that are that are hashed the same. So we're able to look for similarities in documents. Email headers, you mentioned that is a super goldmine for people to look at. And that is an underutilized resource. So you have, of course, sender information, you have X mailers, you have the hello, you have the IPs, you have so much metadata that exists in email headers that is a lot, it's really useful for tracking fraud threat clusters that in many cases set up their own like mailing infrastructure, but like it it looks completely different. And so it is it is super helpful to match on what other things are you looking for? Like what would you give to threat researchers interested in fraud tracking, like characteristics to look for?

SPEAKER_00 35:30

Well, of course, the like the spoofed URLs, like the domains to look like or the to look like legitimate company domains. I mean, there's a couple AI consulting, we'll call them AI forward consulting because they're business consulting, but it's it's primarily they're like on AI right now, they're like legitimate companies, and they're smaller, they're not like huge, well-known organizations, but they're smaller that are being spoofed quite a lot or impersonated quite a lot in these campaigns. And these threat actors continue to set up look like domains. I think I saw one the other day, it was the the name of the company dot teen or dot io or dot, you know, whatever. And when you look data the the domain registration information, I've found some OPSEC failures that are really exciting. Some, you know, even commonalities with who they're registering their sites with, like I know like Squarespace, right? That's a big one. There's also like name silos come up a few times. So some of their favorites, just tracking all of that and putting it all together. I mean, going back to the email headers, one of the cooler things that I found too that would not have like immediately occurred to me was like response receipts. So, like if you send an email to somebody and you have the response receipts turned on. I know as an organization, you you can probably you can turn them off altogether. But if you, you know, if you if you receive a message and you don't have response receipts turned off and you open it, then a message, a receipt essentially goes back to the sender that says this message was opened. And I think I don't know if they can get other information out of that, but other than just to say it was opened, um, I found a couple of like the disposition notification to, that's the field for it, of email addresses there that are different than the reply to or the sender or what's included in the message body. Uh, there's also language too. They use similar languages. They'll even use like similar numbers, like certain discounts, uh, verbiage on discounts, like 10% off a discount or 10% discount if received in four days. And four days is kind of like a random number, right? It's like three days or 10 days or something like that. But four days is different. So there's like these weird little it's some some of it's a little nuanced, but when you see in the grand scheme of things and these big spreadsheets and it's all mapped out with this, you know, wonderful LLM generated script, it starts to make sense and the picture becomes more clear and it gets more exciting.

SPEAKER_01 37:46

Yeah, that's fantastic that's fantastic. And I think, you know, BEC and fraud are one of those things that there are a lot of misunderstandings about, I think, in the overall threat landscape, right? We get a lot of questions about, for example, themes around like the Olympics. Like, are you seeing Olympics stuff? And Daniel, I know one of the things that you love to talk about and you did talk about at RSA is sort of like myth busting. You were oh my god, I can't even remember the guy's name, the Mythbusters, Adam Savage. Yes, Adam Savage. Are you the Adam Savage?

SPEAKER_03 38:19

I am I'm I'm Jamie. I'm definitely Jamie.

SPEAKER_01 38:22

Jamie and Grant Adam. Tim's like, oh, I know. I love that show. It does not, honestly, it doesn't surprise me actually, uh, Tim, that you're a fan of Mythbusters. That that that tracks. Yeah, yeah. Uh so but okay, so Daniel, you're the Jamie of Threat Research. Um, not to not to forget our old Jamie R.I.P. of Threat Research, he's not dead, just left.

SPEAKER_03 38:44

So shout out to Kane. Shout out to Kane.

SPEAKER_01 38:47

Shout out to Kane, shout out to Kane. Um never made another podcast. Cry. Um maybe the next one. You have an incredible Halloween costume. Um but Tina, what would you say? Like, what are some of your favorite, or I guess least favorite, myths that you hope will die over the next hundred episodes? Well, we obviously are not perpetuating these myths, but by the time that it takes to record them.

SPEAKER_03 39:15

So, I mean, uh at RSA C, what I uh Oh my god, I'm sorry.

SPEAKER_01 39:20

Now I'm gonna get two letters.

SPEAKER_03 39:22

$20,000 RSAC in court. At RSAC, you know, a message that not just myself, but uh a lot of the proof point speakers, Molly, Andrew brought with them to the show was in in cutting through the hype of AI, right? Like we we knew, we suspected that the show floor was just gonna be packed with these and that customers legitimately like that could cause some confusion. And it was great to hear customers like asking kind of detailed questions about claims that were being made. But I think you know, we we took a reality versus hype kind of stance with a lot of the content that that we were talking about. It's like, yes, you've heard a lot, this is where we're at right now, you know, this is where you know we we could be in in three months, six months, etc. This is complete garbage, and I don't know who told you that, but you definitely shouldn't buy their product, right? Like, like it's just separate reality from the hype. But I think to your point, there are a lot of I don't know, things that become true because it seems like it should be logical or real, but when you actually have the evidence and like dive into the realities of the landscape, it doesn't it doesn't actually bore out that way. So, for example, every industry that exists thinks that there are threat actors that are like very highly targeting their industry, and those are the biggest threats to them, and they need to consider those like they need to consider those first when they're taking you know an informed approach to risk management. And I I think if you know, in many, many cases, we're talking about like the entire ransomer ecosystem, all of the initial access brokers, for example, right? Like they're pretty indiscriminate. And it's not just because uh they're running massive spam campaigns. It like uh it's just that they they they uh enough companies out there have nice enough portfolios and financials that if they get a beach head on some system uh opportunistically, then they can they can follow up on that, right? And obviously, you know, it's what fifty billion dollars in the last five years that's been reported by IC3. So obviously that's worked, right? But it's only in in very specific cases that actors are going to regionally target or target on vertical. I'm not saying it doesn't exist, but it doesn't exist at the the frequency or amplitude that businesses want to consider it in their overall you know security decision making.

SPEAKER_01 42:04

Well, and we are actually uh just published some research from our team. Uh the analyst tracks cargo threats, and we partnered with Deception Pro to see, okay, what actually happens post-compromise? What are the threat actors that are targeting cargo, logistics, transportation that could potentially lead to physical goods theft? What are they looking for? And what we found in this post post-compromise activity is that they downloaded a bunch of different RMMs and they, yes, they were looking for stuff related to cargo and transport, but if they didn't find it, they pivoted. So they were looking for bank-related stuff, crypto-related stuff, information that they could use. So threat actors are gonna monetize their compromises regardless of whether they are the initial target or not. And I think that that is a really fantastic example. We'll be sure to drop a link to it in the show notes.

SPEAKER_03 42:54

That research You also just gave like you also just gave one of the examples in which of an industry was like absolutely directly targeted for initial access. So thanks for you know, thanks for what I'm saying.

SPEAKER_01 43:08

I'm proving your point, and is that even if they get someone that isn't directly targeted, they will still monetize it. So so you should be kind of aware. I mean, I thought it was great because we saw, like, yeah, it is. I mean, also to be clear, it is extraordinarily unusual for cyber criminals to be specifically vertical targeted, extremely unusual.

SPEAKER_03 43:29

But it also shows the espionage, like it even even with espionage, right? Like, like, sure, but they're really they're more honestly off more often like people targeted than they are vertical targeted, right? It's it's like, okay, well, well, you're at higher ed, but you are specifically working on research around this, or you have ties to people in a government that are influencing trade policy, right? And so it's like it's less about that organization and more about that person in a lot of cases.

SPEAKER_00 43:59

100%. I think people sometimes give threat actors too much credit. Yeah, totally. They like like the same reason why Agent Tesla and like Sot Golish are still around, like is that been 10 years? Yeah. Like I think Scott Golish was first on the landscape since 2017. And maybe Agent Tesla was 2013. Like we still see it in such high volumes. But and like that, I mean there's been like slight changes and tweaks, but the oldies, you know, they never die and they still work.

SPEAKER_03 44:26

So people love to click things.

SPEAKER_00 44:29

I know, yeah.

SPEAKER_04 44:31

I mean, BBC threats have been around since like the dawn of time before before like actual like written language. So I mean, yeah, it most of these are going away.

SPEAKER_01 44:42

Someone showed up at the building of the pyramids and was like, what if I can provide you net 30 financing on this giant stone?

SPEAKER_00 44:54

Or here's the invoice for this pyramid. Pay it into this new bank account because my old bank account got needed.

SPEAKER_04 45:00

Did you hear the the king's son has passed away and he has a huge fortune of grain for you? All I need you to do is send me three oxen. Come on, let's go.

SPEAKER_01 45:08

Yes, what isn't that Mesopotamian scroll of like or like the copper sales guy?

SPEAKER_04 45:14

Yes.

SPEAKER_01 45:14

The copper, the copper ingots.

SPEAKER_04 45:17

Yes, it's like this guy has horrible quality and he's trying to give me this garbage.

SPEAKER_01 45:21

Yes, calm him out. There's Mesopotamian scams, all right? It is a part of our human culture, all right. I'm just saying Tim's research is an evolution of the copper ingots guy.

SPEAKER_04 45:36

Job security for the next 3,000 years. Let's go.

SPEAKER_01 45:40

No, but your points are I do think it's true. I mean, I do think we tend to give threat actors too much credit. And as I mean, we were talking earlier today about some some uh recent research that was talking about how AI generated threats are uh enabling sophistication and it's like, oh my gosh, it's so much more compelling. And spoiler alert, the threat actors that are using some of these tools that are AI generated tools, that their lures are blank. It is an empty email body that just contains an attachment. So, yes, they are using these AI tools to work through part of the entire attack chain, but let's just say the social engineering has left some to be desired. And I just want to say, what happened to taking pride in your work? You know, like we used to be a society, the ingots guy had wonderful penmanship, and now and now we're just sending lures with empty email bodies. Come on, guys, come on. They're not employing the human in the loop approach to their own.

SPEAKER_00 46:41

They are not the human in the loop.

SPEAKER_03 46:44

You provided a counterexample, I'll provide a counterexample. What about what about void link, Selena? What about void link? Just uh sem semi-autonomous, 14-hour spec driven development, per beautiful modular malware, boom.

SPEAKER_01 46:59

Yeah, but they had terrible opsec, which was able to. Okay, a horrible opsector. It did.

SPEAKER_00 47:06

I'm not saying it doesn't exist. I'm just saying most of what we see is the stuff that's in high volumes that's gonna hit more people than than not is not compelling.

SPEAKER_01 47:15

Which it always has been. I mean, that has been like the like for forever. Like you were saying, Asian Tesla has been around since 2013. I mean, we're still seeing high volume stuff. I know we we can't like you know summon the ghost of emotet, but I think some of our researchers would like that kind of that kind of interesting, sophisticated, cool malware, fun delivery, easy blocking.

SPEAKER_03 47:35

Curls just started tingling.

SPEAKER_01 47:39

Like what okay, one of my favorite podcast guests ever. Pim, I love you. I miss you. Come back on the podcast. Yeah, I forgot to mention him in my top 10 favorite people, but he's my favorite. So come back, come back on the pod, Pim.

SPEAKER_04 47:54

I was going to say, uh, you know, it reminds me of the uh like the nuclear EK, right? Like these guys were writing Jane Austen quotes uh to obfuscate their code, right? Like, get creative, people. You know, AI is not gonna innovate like that for you. You know, you have you have to get creative. I want I want to see some of that. I would love to see more of that. Yeah, right. Like make things interesting. There's also Jane Austen. They used a whole bunch of like, you know, classical novels in their in their obfuscation code. But I would love to see it.

SPEAKER_01 48:20

I mean, look, I'm just saying, where is the Pride of Prejudice malware? Yes.

SPEAKER_03 48:24

I have had discussions with Claude about you know Murakami and Calvino. So I know that it could do it. It could. I know that if threat actors had the inclination, the knowledge is in there.

SPEAKER_01 48:34

Can I tell you a horrible story that's completely unrelated to cyber speaking of Jane Austen? I went to get random stuff at Marshall's, and I found this incredible book vase that I was so excited about. And I thought, oh my gosh, this is amazing. It was a Jane Austen vase. And then I brought it home and I noticed typos on it, and I was like, this is an AI generated Jane Austen book vase.

SPEAKER_04 48:57

Oh no.

SPEAKER_01 48:59

I was so upset. And Sarah and Tim, you saw pictures of it.

SPEAKER_00 49:03

It was so cool until I realized it was AI generated. So anyway, so the lesson here is one of the major aspects of using LLMs is to keep the human in the loop, have the human review. Yes.

SPEAKER_03 49:17

Typos sound pretty human to me. But not if it's like it's probably it's probably just like in it's probably just like an ancient Greek letter. You know, like encyclopedia, encyclopedia, right?

SPEAKER_05 49:31

Like encyclopedia.

SPEAKER_04 49:37

Speaking of, that reminds me of my my new threat actors I've been tracking. Their their lures are getting very creative because they can't they can't put their forms and put the word password and into the actual form they're going to, right? So they they have to direct the user to like the word password is actually just gonna be word word or or data here means password, or just they they've used a variety of things. It's cracking me up because they're just like the word word one just not passed.

SPEAKER_00 50:10

See, that's creative. It is creative. See, you wanted them to get creative, and here they are. They're creative.

SPEAKER_04 50:14

But they also use AI to generate the actual landing page as well, which is terrible, you know. Yeah, it was it was word word, Daniel. Word word.

SPEAKER_00 50:25

I love it.

SPEAKER_01 50:28

You should call him unk word word.

SPEAKER_04 50:29

Unk word word, yes. Unk word word.

SPEAKER_01 50:32

No, we need to have another podcast about the fact that Selena hates unks.

SPEAKER_04 50:37

Everyone over 30 right now.

SPEAKER_01 50:39

What? Why?

SPEAKER_02 50:40

Yeah, I know exactly.

SPEAKER_01 50:42

Bang! No, I love our elderly, our elderly uncle representations of the cool cool elders. I feel like Daniel's an unk. Tim, you're an unk.

SPEAKER_03 50:52

I have 17.

SPEAKER_04 50:53

Yeah, I think I might actually be OG by definition.

SPEAKER_03 50:55

17 nieces and nephews, literally an unk.

SPEAKER_01 50:58

Whoa, that's so much. That's so much unk. But yeah, no, I I don't I don't love the unking of threat clusters. But you know what? I'm a minority of this, but I will happily argue um threat clustering and threat attribution, all day, everyday baby, bring it. Although I don't know if anyone will actually argue with me because I don't know. I I'm very compelling.

SPEAKER_00 51:20

I think at least it's consistent, right? When we when we call something unk underscore in the word, the name, it's consistent instead of having random words smashed together that don't make any sense.

SPEAKER_01 51:34

True, but Sarah, you've been on the podcast where we've had to say like unk spicy noodle or something.

SPEAKER_00 51:40

Yeah, but at least there's an unk in front of it. So I knew it's people because like our naming convention, the TA number number or numbers, is also very consistent, which I even before I came to work at Proof Point and I was a customer, I very much appreciate in a high-volume consumer of Proof Point threat research products. I very much appreciated the consistency and the cleanliness and the conciseness of the naming conventions.

SPEAKER_01 52:06

I'm not just talking about us unks. I know I'm not even talking unks.

SPEAKER_00 52:11

Yeah. I'm not talking about us. I'm this is my passive aggression to community industry naming conventions.

SPEAKER_01 52:17

And that's that's be more forceful than your passive aggression. Be more aggressive, Sarah. I can't tell. I can't tell when you're being passive aggressive. I know.

SPEAKER_03 52:25

We don't have time for me to argue with you, is the is the thing.

SPEAKER_01 52:29

Selena and Daniel arguing would literally never end.

SPEAKER_03 52:31

Yeah, yeah. It's a what do you what do you do with clusters that you've differentiated from the pool of overall threats, but you don't have enough evidence yet to make an attribution to a known group. They're in an in-between phase. Doesn't matter what you call it. You keep it in your notes.

SPEAKER_01 52:50

No. You keep it in your notes. Until you're ready to TA.

SPEAKER_03 52:55

You know, it could be known unknown. Okay. Thank you, Donald Rumsfeld.

SPEAKER_01 53:00

Okay, Donald Rumsfeld. Yeah. Also, you corrected me on that last time I tried to make that joke. Um, I said the wrong defense secretary. So sorry, Donald Rumsfeld.

SPEAKER_00 53:11

The threat cluster that I just talked about with the W9, the threat cluster or cluster singular, not sure yet. I'm tracking it as unk spoof point. And why they spoof proof point. Proofpoint is one of the brands that they impersonate. So I thought that was pretty special. And then that that's how I found out Selena hates the unk names.

SPEAKER_04 53:31

So define. I don't care, Selena. I'm naming mine unk word word, and there's nothing you can do about it.

SPEAKER_00 53:38

I'm just very appreciative when they're like I can pronounce them in a speaking environment. Yeah.

SPEAKER_01 53:43

I mean, honestly, people need to say their unks out loud. Yes. Before before they give them an unk name because we and Sarah have to talk to people, and I am constantly made fun of on other podcasts.

SPEAKER_03 53:57

That's definitely not going to make the problem worse that you just announced that.

SPEAKER_01 54:02

Well, it's a good thing none of them actually listen to our podcast. We have one more question from our audience. Who is your favorite member of the Proof Point competitive intelligence team? And why is it Jason Ford asking for a friend? I won't tell you who asked this question. It is anonymous. Submitted anonymously.

SPEAKER_04 54:25

Initial Zoar Jack.

SPEAKER_01 54:29

My favorite member of the competitive intelligence team is Jason Ford. He came on the podcast. He was a fantastic guest, talked about direct send, um, the abuse of uh some uh Microsoft DirectSend and other methods that threat actors are doing to get around various different gateways to uh enable threat delivery. That was a super interesting podcast. Definitely recommend you tune into it.

SPEAKER_00 54:49

Isn't it the most listened to?

SPEAKER_01 54:51

Yeah, actually based yeah, based on our statistics, Jason Ford's episode is the most listened to episode.

SPEAKER_00 54:57

I listened to it at least five times. It was really super helpful. I'm not even exaggerating. Most super helpful.

unknown 55:04

Yes.

SPEAKER_00 55:06

Give those numbers up. Because it helped me so much prepare for how to explain it to customers and people. Because it I mean, it was kind of a confusing concept. Also, it's it's kind of interesting.

SPEAKER_01 55:17

We haven't seen much direct send abuse lately. I feel like it's a really pivot.

SPEAKER_03 55:21

Yes, yeah, absolutely. Direct send is is still a thing, but visibility, visibility into the problem is tough because it it like doesn't go through the gateway, right? Like it's it's internal.

SPEAKER_01 55:31

Yeah, we are definitely still seeing it, but I feel like Microsoft direct send was like a really prominent technique, but I feel like they've all pivoted to device code phish. Oh yeah.

SPEAKER_03 55:42

Whereas like poor Kinolistos, right?

SPEAKER_01 55:45

That's poor canolostos. Yes, true, true. Yeah, no, that's a good that's a really good point. But yeah, I feel like device code phishing is the new hotness. Hopefully, we'll have a future episode on some of the weird stuff like evil tokens and all of the evil tokens clones and how they're all ruining my life on a forthcoming episode of Discarded. Guys, gals, folks, this is a great point.

SPEAKER_03 56:09

You don't want to know who my favorite member of the competitive Intel team is. Oh, I do want to know. Who is it? I would love to say Tyler, but there's only one member of the competitive Intel team that I have paled around with at DEF CON, and that is Jason.

SPEAKER_01 56:23

Tyler gets a nod. Although, tip of the hat. Amazing. Well, yeah, Tyler, if you ever want to come in the pod, Jason, Jason Tyler, come on, come join us. Awesome. Well, this was super fun. Is there anything that you want to leave with our listeners for 100 episodes? And I have done some damage on this bottle of wine that I brought to our to our recording. Daniel?

SPEAKER_03 56:47

What I'd like to leave is that if you're a business that regularly advertises on podcasts, I think you should sponsor discard it. If you've made it to the point that you are hearing me say these words, then you have obvious obviously gotten your your money's worth, right? So Yeah.

SPEAKER_01 57:05

Yeah. Tim, any message for our listeners at episode 100.

SPEAKER_04 57:09

If you're tired of hearing about AI, I'm sorry to tell you that we're probably gonna be talking about it a lot more in the next hundred episodes, but we'll try to keep it very interesting and very fun and helpful as always. Actionable as always.

SPEAKER_01 57:23

Yes, for sure. Sarah, anything to leave our listeners with.

SPEAKER_00 57:26

Just reflecting on some of the extracurricular work I've done outside of my day job uh the last couple weeks, is I would like to encourage our listeners to talk about cyber stuff, including AI, including threats and scams and fraud and malware and everything to people who aren't on the internet or aren't, you know, super technical. You have I mean, there's so much happening out there right now. It's not just an email, it's coming on everybody's cell phones and you know, calling. Yeah, talk, talk to everybody, make it a tabletop uh dinner time conversation, uh, spread the outreach. Talk about Megdala hijacking, social engineering. That's how how we stay very mindful and very secure.

SPEAKER_03 58:10

Very dim, you are as well. My mom's nail tech totally got pick butchered. So yeah.

SPEAKER_01 58:18

It's everywhere. Oh my gosh, if my nail tech got pick butchered, I would be absolutely devastated. You guys, our listeners cannot tell, but I have amazing manicures. And if you tune tune into intercepted, you can see them.

SPEAKER_00 58:32

Because that is a video podcast that Sarah hosts. Next one is April 22nd, Earth Day. And we're we're gonna talk about region, we're gonna talk about all the threats targeting all the different places on the earth. Oh, regionally focused threats.

SPEAKER_01 58:46

Amazing. I planned it like that. Well, we Sarah definitely planned it like that because I super didn't. I just want to leave a message to all our listeners. First of all, thanks for listening to this whole thing. If you are still tuned in, we absolutely love you. This has been a 100% work of love, a labor of love that I and all of my co-hosts and everyone who comes on is been doing. It is shockingly hard to get people to talk on a podcast who don't want to. And we want to make sure that the folks who are listening are getting it straight from the researchers, straight from the people that are doing this work, that are in it every single day and can always learn something from us. You know, we want to make it fun, educational, and impactful. So thank you for getting us to 100. We really hope that you keep listening because we have some really fantastic guests coming up on future episodes that I'm really excited about that will be uh mentioned on our next summary of the coolest people ever. So thank you, thank you. As always, until next time, happy hunting. You've been listening to Discarded Tales from the Threat Research Trenches, a podcast by Proof Point. Never miss an episode by subscribing to the show in your favorite podcast player. Happy hunting.