
Red Canary SecOps Weekly: Episode 67 – Latest cybersecurity threats & AMA

SecOps Weekly | 06.02.26

Latest cybersecurity threats & AMA

Researchers Phil Hagen and Chris Brook answer audience and mailbag questions and discuss recent headlines, including MuddyWater APT tradecraft and PhaaS-driven device code phishing.

SHOW NOTES

In this episode of SecOps Weekly, Phil Hagen and Chris Brook discuss the latest cybersecurity threats and defense strategies, with a focus on phishing attacks that bypass multi-factor authentication.

As part of the discussion, they highlight the Kali365 platform, a new lure generator that tricks users into completing device authentication grants, bypassing conditional access controls. Phil and Chris also cover recent DLL sideloading attacks by the MuddyWater threat group, which is using AI to constantly change malware code and create sophisticated targeted lures.

Throughout the conversation, these experts offer practical advice on the threat detection landscape. They address audience questions about protecting new hires from targeted phishing, the challenges of balancing security with user experience in token management, and technical topics like JARM and JA4 fingerprinting for network analysis.

TIMESTAMPS

  • 00:00 – Introduction
  • 00:51 – Welcome to SecOps Weekly
  • 01:44 – PhaaS platforms commoditize device code abuse
  • 09:59 – Do defenders need to detect every adversary action to prevent a threat?
  • 13:55 – How can I better protect our new hires (M365 users) from phishes?
  • 18:11 – MuddyWater’s new playbook
  • 24:28 – I want to learn more about JARM fingerprinting
