In this episode, DomainTools' Daniel Schwalbe is joined by Renee Burton (Infoblox), Raymond Dijkxhoorn (Surbl), and Peter Lowe (FIRST.org) to unpack the inaugural DomainTools Intelligence Report and what it reveals about DNS-based threats in 2024. The panel digs into evolving detection challenges, the pitfalls of domain scoring, the growing complexity of threat actor behavior, and why industry collaboration continues to lag. They explore topics like aging domains, TLD abuse, data sharing barrier...
Jul 10, 2025•47 min
In this episode of Breaking Badness, Kali Fencl sits down with Audra Streetman, a former journalist turned threat intelligence analyst at Splunk. Audra shares her journey from local newsrooms to the frontlines of cybersecurity, detailing how her storytelling skills translate directly into threat research. Audra walks us through how ransomware attacks like JBS Foods and the Excellion breach sparked her pivot into cyber. She dives deep into persistent threat tactics, such as file transfer applianc...
Jul 03, 2025•17 min
Exposing Your Attack Surface on Purpose: API Chaos, AI Risk, and Quantum Reality by DomainTools
Jun 26, 2025•24 min
In this RSA Conference 2025 special episode, we dive into the evolving world of cyber attribution, AI-powered threat tactics, and real-world incident response in AWS and GCP environments. Our guests include: ● Tal Darsan and Etay Maor from Cato Networks, discussing stealthy attacker techniques, AI-powered evasion, and lessons from ransomware groups like Medusa, Play, and Hunters International. ● Yonaten Khen from Hunters, who walks us through how his team discovered a privilege escalation vulner...
Jun 18, 2025•40 min
In this RSA Conference 2025 special episode, we explore two critical frontiers shaping the future of cybersecurity. First, Jon DiMaggio (Author of The Ransomware Diaries, Analyst1) breaks down the hidden supply chains behind ransomware gangs, including the economics of affiliate betrayal and the challenge of accurate attribution. He walks us through his methodology for identifying ransomware rebrands like BlackCat and RansomHub using evidence-based frameworks designed to eliminate human bias. Th...
Jun 11, 2025•45 min
Welcome to a special RSAC 2025 episode of the Breaking Badness Cybersecurity Podcast! Today, we delve into the critical role of domains in modern cyber attacks. From sophisticated nation-state operations to AI-powered phishing kits and malicious browser extensions, domains are the foundational infrastructure for threat actors. Host Kali Fencl is joined by four leading cybersecurity experts Joe Slowik, Robert Duncan, John Fokker and Vivek Ramachandran to break down how domains are weaponized and ...
Jun 04, 2025•1 hr 8 min
In this episode of Breaking Badness, we sit down with Raji Vannianathan, a cybersecurity leader at Microsoft driving the charge on AI security and safety. Raji shares her experience leading the team responsible for managing the end-to-end lifecycle of AI vulnerability disclosures, building proactive safety frameworks, and cultivating a global community of AI security researchers. From developing Microsoft's AI Bug Bar to launching the "Guardians of AI Safety" Discord community, she brings both v...
May 28, 2025•23 min
In this episode of Breaking Badness, Kali Fencl sits down with Mick Baccio, Global Security Advisor at Splunk and former CISO for Pete Buttigieg’s 2020 presidential campaign. Mick shares his journey from aspiring Navy nuclear engineer to leading security in some of the highest-stakes environments, including the White House. They explore how threat intelligence, storytelling, and mentorship shape the future of cybersecurity. From his early days in government to his work on the Splunk SURGe team, ...
May 14, 2025•23 min
In this episode of Breaking Badness, we sit down with John Donovan of ZEDEDA to unpack the lighter and more profound sides of cybersecurity’s biggest gatherings. From RSA’s unexpected baby goats and vendor booth antics to BSides San Francisco’s community-driven keynote stage, John shares personal stories, industry insights, and valuable advice on how newcomers and veterans alike can navigate events like RSA, BSides, and DEF CON. You’ll hear how he "hacked" his way onto the main stage, what it me...
May 07, 2025•22 min
In this episode of Breaking Badness, the crew investigates two escalating threats in the cybercrime ecosystem: the cleverly named phishing-as-a-service platform Morphing Meerkat, and the bulletproof hosting provider Proton66, a favorite among amateur cybercriminals. First, they dig into how Morphing Meerkat uses DNS-over-HTTPS (DoH) and clever phishing kits to evade detection. Then, they shift focus to Proton66, a Russian-based bulletproof host that shelters a new generation of low-skill attacke...
Apr 30, 2025•40 min
In this powerful continuation of our DFIR series, cybersecurity experts Daniel Schwalbe, David Bianco, Lesley Carhart, and Sarah Sabotka dissect the heart of effective incident response, containment, eradication, recovery, and lessons learned. Packed with firsthand war stories, sharp tactical advice, and honest debates, this episode is a must-listen for anyone building or refining their digital forensics and incident response capabilities. Tune in to learn why planning matters, what to do (and n...
Apr 23, 2025•55 min
In Part 1 of this special two-part panel, the Breaking Badness podcast gathers leading cybersecurity experts to explore the foundations of DFIR - Digital Forensics and Incident Response. Featuring Daniel Schwalbe (DomainTools), Lesley Carhart (Dragos), David Bianco (Splunk), and Sarah Sabotka (Proofpoint), the panel dives into what makes an effective incident response program, why preparation is often overlooked, and how to bring technical and human elements together during high-stakes security ...
Apr 16, 2025•43 min
In this episode of Breaking Badness, host Kali Fencl is joined by DomainTools' Daniel Schwabe and disinformation expert Scot Terban to uncover how modern Russian disinformation campaigns are using domain registrars, homoglyph attacks, and generative AI to mimic legitimate news outlets and manipulate public perception. From the eerie sophistication of Doppelganger operations to the exploitation of domain infrastructure, this episode sheds light on how truth is being weaponized in the digital era....
Apr 09, 2025•39 min
In this special DNS Masterclass episode of Breaking Badness, hosts Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce take a deep dive into the Domain Name System often dubbed the backbone and battleground of the internet. From its humble beginnings with host files to its critical role in modern security, the episode unpacks DNS’s evolution, vulnerabilities, and impact on InfoSec.
Mar 30, 2025•41 min
In this episode of Breaking Badness, host Kali Fencl welcomes Wes Young of CSIRT Gadgets and Daniel Schwalbe, CISO and head of investigations at DomainTools, dive into a recent DomainTools Investigations (DTI) analysis involving ValleyRAT and Silver Fox, and how new tools are enabling faster, more accessible analysis for junior and seasoned analysts alike. Whether you're a threat intel veteran or an aspiring analyst, this episode is packed with hard-earned lessons, technical insights, and future...
Mar 24, 2025•58 min
In this episode of Breaking Badness, we dive into two major cybersecurity stories: the exploitation of a VPN vulnerability by Chinese APT 41 and the newly discovered “Wall Bleed” flaw in the Great Firewall of China. APT 41 has been using a critical VPN vulnerability to infiltrate operational technology (OT) organizations, targeting industries like aerospace and defense. Meanwhile, researchers have uncovered a flaw in China's DNS injection system, which inadvertently leaks internal data—an ironic...
Mar 18, 2025•31 min
Episode 202 of Breaking Badness takes a deep dive into two of the biggest cybersecurity stories of the year (so far): ● Black Basta’s Leaked Chats – A major data leak has exposed internal conversations from this notorious ransomware gang, revealing their internal struggles, ransom negotiations, and even workplace drama. ● Salt Typhoon’s Cyber Espionage – A sophisticated Chinese threat group has been caught infiltrating major U.S. telecommunications providers, raising serious concerns about natio...
Mar 10, 2025•43 min
In this episode of Breaking Badness, we sit down with Bruce and Heidi Potter, two of the masterminds behind ShmooCon, the legendary cybersecurity conference that ran for 20 years. They take us behind the scenes, from its hilarious bar-napkin origins to how they built a tight-knit hacker community that thrived for two decades.
Mar 05, 2025•45 min
In this episode of Breaking Badness, we dive into two major cybersecurity concerns: the risks of abandoned S3 buckets and a wave of phishing attacks impersonating DeepSeek. Watchtowr Labs uncovers how forgotten AWS storage can be hijacked for malicious purposes, potentially compromising military, government, and enterprise systems. Meanwhile, attackers exploit DeepSeek’s rising popularity to create lookalike sites, tricking unsuspecting users into downloading malware or exposing credentials. Joi...
Feb 23, 2025•40 min
Welcome to the 200th episode of Breaking Badness! 🎉 In this special milestone edition, we take a nostalgic stroll down memory lane, discuss the evolution of cybersecurity, and explore how the podcast—and the security landscape—has changed since 2019. In this special milestone episode, hosts Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce are joined by longtime friend of the show, Allan Liska, to reflect on how both the podcast and cybersecurity world have evolved over the past six years. Let’...
Feb 16, 2025•45 min
In this episode of Breaking Badness, we welcome back Tanya Janca, aka SheHacksPurple, to discuss her latest book, Alice and Bob Learn Secure Coding. Tanya dives deep into the fundamental principles of secure software development, the psychology behind developer incentives, and the often-overlooked importance of zero trust security.
Feb 09, 2025•37 min
In this episode of Breaking Badness, we analyze two fascinating cybersecurity incidents that expose both corporate misconfigurations and hacker missteps. Security researcher Philippe Caturegli discovered a typo in MasterCard’s DNS records, which left the company open to traffic hijacking and data exposure. This long-overlooked flaw, dating back years, could have been exploited by attackers to redirect users, intercept data, and manipulate services. The Script Kiddie Trap: In a turn of events tha...
Jan 30, 2025•35 min
In this episode of Breaking Badness, Tricia Howard of Akamai joins Kali Fencl and Ian Campbell to dive deep into the intersection of gaming culture, mental health, and cybersecurity. Tricia shares her journey from theater arts to cybersecurity research, her love for gaming, and her experiences tackling emotional toxicity in digital spaces. The episode covers the concept of "mind patches," the role of community in digital wellness, and how gaming and workspaces mirror each other in their challeng...
Jan 29, 2025•36 min
In this episode of Breaking Badness, we dive into the cybersecurity headlines making waves in 2025. We discuss the U.S. Treasury breach, allegedly orchestrated by Chinese hackers using third-party access. Learn about how lingering chat histories can expose sensitive data and the importance of digital spring cleaning.
Jan 22, 2025•31 min
In this episode of Breaking Badness, we sit down with Tanya Janca, aka SheHacksPurple, a cybersecurity educator, and author of the best-selling book Alice and Bob Learn Application Security. Tanya shares her journey from software developer to AppSec expert, dives into the unique challenges of teaching secure coding, and discusses the impact of cybersecurity breaches on industries and individuals. From her creative teaching methods to her advocacy for change in university curriculums, Tanya offer...
Jan 12, 2025•47 min
Welcome to this special episode of the Breaking Badness Cybersecurity Podcast! We’re turning the spotlight on the books that have shaped the world of cybersecurity and inspired professionals in the field. As part of our ongoing book club series, this episode is a journey into storytelling, research, and the unique perspectives that make cybersecurity literature so compelling. From Ransomware Diaries to the geopolitics of cyber warfare, this discussion is packed with insights and actionable takea...
Jan 04, 2025•34 min
In this special episode of Breaking Badness, we wrap up 2024 with a countdown of the top episodes, puns, and cybersecurity moments that defined the year. From the hoodiest hacks to the goodiest wins, Kali, Tim, and Taylor reflect on critical insights, industry-changing events, and listener favorites. Tune in for discussions about evolving OT security, DNS mishaps, ransomware trends, and expert predictions for 2025. Featuring special moments like our Hacker Summer Camp interviews and top cybersec...
Dec 21, 2024•39 min
In this special 2025 Predictions episode of Breaking Badness, host Kali Fencl joins cybersecurity experts Sean McNee, Tim Helming, and Daniel Schwalbe to discuss the future of cyber threats and defense. From ransomware evolution and AI-powered attacks to quantum computing and “synthetic identity fraud,” the group compares their insights with predictions generated by leading AI platforms like ChatGPT, Claude, Copilot, and Meta AI. Will 2025 be the year of AI-compromised models or industrial contr...
Dec 15, 2024•1 hr
In this episode of Breaking Badness, we dive into two fascinating stories shaping the cybersecurity landscape. First, we unpack the case of Gabriel Koo and his surprising acquisition of the domain us-east-1.com, a domain closely tied to AWS’s naming conventions. What insights can this seemingly simple purchase reveal about DNS misconfigurations and AWS security practices? Next, we shift focus to DARPA's ambitious new project aimed at revolutionizing cybersecurity by breaking software into smalle...
Dec 07, 2024•32 min
In this episode of Breaking Badness, we delve into the cybersecurity trends shaping the holiday season. We unpack the 60% surge in scam domain registrations targeting holiday shoppers, discuss the tactics of TAG-112, a Chinese state-sponsored threat group, and analyze their use of compromised websites to deliver Cobalt Strike malware. Plus, we share actionable insights on mitigating these threats. Tune in for expert analysis, lighthearted banter, and a few cybersecurity holiday tips to keep you ...
Dec 01, 2024•44 min
