Episodes

  • Exposing Your Attack Surface on Purpose: API Chaos, AI Risk, and Quantum Reality
    Jun 26 2025
    Exposing Your Attack Surface on Purpose: API Chaos, AI Risk, and Quantum Reality by DomainTools
    24 mins
  • Zero-Knowledge Threats, Shadow AI, and the Future of Cyber Attribution
    Jun 18 2025
    In this RSA Conference 2025 special episode, we dive into the evolving world of cyber attribution, AI-powered threat tactics, and real-world incident response in AWS and GCP environments. Our guests include: ● Tal Darsan and Etay Maor from Cato Networks, discussing stealthy attacker techniques, AI-powered evasion, and lessons from ransomware groups like Medusa, Play, and Hunters International. ● Yonaten Khen from Hunters, who walks us through how his team discovered a privilege escalation vulnerability in Google Workspace and what it reveals about modern cloud attacks.
    40 mins
  • Inside Ransomware’s Supply Chain: Attribution, Rebrands, and Affiliate Betrayal
    Jun 11 2025
    In this RSA Conference 2025 special episode, we explore two critical frontiers shaping the future of cybersecurity. First, Jon DiMaggio (Author of The Ransomware Diaries, Analyst1) breaks down the hidden supply chains behind ransomware gangs, including the economics of affiliate betrayal and the challenge of accurate attribution. He walks us through his methodology for identifying ransomware rebrands like BlackCat and RansomHub using evidence-based frameworks designed to eliminate human bias. Then we’re joined by Matt Radolec (VP of Incident Response at Varonis), who brings a fresh perspective on talent development in cybersecurity. Drawing from his keynote "From Gamer to Leader", Matt argues that gamers possess untapped potential as cybersecurity professionals and it’s time to design leadership pipelines like quest lines. From ransomware negotiations on underground forums to using AI-enhanced playbooks and transforming threat response teams into RPG-style guilds, this episode blends technical insight with cultural reflection.
    45 mins
  • Beyond the Perimeter: How Attackers Use Domains, Phishing & AI and How to Fight Back
    Jun 4 2025
    Welcome to a special RSAC 2025 episode of the Breaking Badness Cybersecurity Podcast! Today, we delve into the critical role of domains in modern cyber attacks. From sophisticated nation-state operations to AI-powered phishing kits and malicious browser extensions, domains are the foundational infrastructure for threat actors. Host Kali Fencl is joined by four leading cybersecurity experts, Joe Slowik, Robert Duncan, John Fokker and Vivek Ramachandran, to break down how domains are weaponized and what organizations can do to defend themselves on this ever-evolving frontline.
    1 hr and 8 mins
  • It Takes a Village to Secure AI
    May 28 2025
    In this episode of Breaking Badness, we sit down with Raji Vannianathan, a cybersecurity leader at Microsoft driving the charge on AI security and safety. Raji shares her experience leading the team responsible for managing the end-to-end lifecycle of AI vulnerability disclosures, building proactive safety frameworks, and cultivating a global community of AI security researchers. From developing Microsoft's AI Bug Bar to launching the "Guardians of AI Safety" Discord community, she brings both vision and practical strategies to a rapidly evolving field. We discuss the shifting threat landscape as threat actors begin to leverage generative AI, the critical need for shared language and cross-functional collaboration, and how Microsoft is thinking about trust, transparency, and incident response in the AI era. If you’re navigating the challenges of AI risk, vulnerability coordination, or ethical deployment, this is an essential listen.
    23 mins
  • Building Secure Campaigns and Better Humans: A Conversation with Mick Baccio
    May 14 2025
    In this episode of Breaking Badness, Kali Fencl sits down with Mick Baccio, Global Security Advisor at Splunk and former CISO for Pete Buttigieg’s 2020 presidential campaign. Mick shares his journey from aspiring Navy nuclear engineer to leading security in some of the highest-stakes environments, including the White House. They explore how threat intelligence, storytelling, and mentorship shape the future of cybersecurity. From his early days in government to his work on the Splunk SURGe team, Mick opens up about what it takes to build secure systems, stronger teams, and more empathetic leadership in cybersecurity.
    23 mins
  • Hacking the Stage: John Donovan on RSAC, BSides SF, and the Human Side of Cybersecurity
    May 7 2025
    In this episode of Breaking Badness, we sit down with John Donovan of ZEDEDA to unpack the lighter and more profound sides of cybersecurity’s biggest gatherings. From RSA’s unexpected baby goats and vendor booth antics to BSides San Francisco’s community-driven keynote stage, John shares personal stories, industry insights, and valuable advice on how newcomers and veterans alike can navigate events like RSA, BSides, and DEF CON. You’ll hear how he "hacked" his way onto the main stage, what it means to wear a “No Purchasing Authority” pin, and why protecting your mom from scams might be more urgent than defending your enterprise.
    22 mins
  • Inside Morphing Meerkat and Proton66: How Cybercrime Is Getting Easier
    Apr 30 2025
    In this episode of Breaking Badness, the crew investigates two escalating threats in the cybercrime ecosystem: the cleverly named phishing-as-a-service platform Morphing Meerkat, and the bulletproof hosting provider Proton66, a favorite among amateur cybercriminals. First, they dig into how Morphing Meerkat uses DNS-over-HTTPS (DoH) and clever phishing kits to evade detection. Then, they shift focus to Proton66, a Russian-based bulletproof host that shelters a new generation of low-skill attackers, including a threat actor known as "Coquettte" with ties to the Horrid Hacking group.
    40 mins