
Red Canary SecOps Weekly: Episode 54 – AMA week! Ask us anything!

SecOps Weekly | 03.03.26

AMA week! Ask us anything!

Red Canary CSO Keith McCammon and researcher Brian Donohue answer audience and mailbag questions regarding breach attack simulation, environment baselining, and more.

SHOW NOTES

In this special AMA edition of SecOps Weekly, Red Canary co-founder Keith McCammon and Principal Security Researcher Brian Donohue discuss various security topics submitted by the audience.

The conversation begins with an in-depth discussion of EDR bypass techniques, where Brian emphasizes that the biggest threat isn’t sophisticated bypass methods but rather unmonitored systems that lack EDR sensors entirely. They explore operational security practices, with audience polling showing attack surface reduction as the top priority, followed by gaining visibility into systems. The discussion covers breach and attack simulation tools like Atomic Red Team, emphasizing the importance of continuous testing over one-time assessments. They address emerging concerns about Shadow AI and unauthorized AI tool usage within organizations, discussing the challenges of monitoring AI inputs and maintaining asset inventories.

The session also touches on geopolitical threats related to Iran and their potential impact on critical infrastructure, as well as the growing problem of legitimate RMM tools being weaponized by attackers. Throughout, the experts stress the fundamental importance of visibility and baseline understanding of organizational assets and normal user behavior.

Timestamps:

  • 00:00 – Introduction
  • 01:25 – Welcome to SecOps Weekly
  • 03:05 – EDR bypass shenanigans
  • 09:40 – Boost your operational security practices
  • 13:33 – Pros and cons of breach attack simulation
  • 19:25 – Threat landscape related to Iran
  • 23:15 – Shadow AI and AI tools
  • 27:18 – Tips to get started baselining an environment
