


























This episode delivers critical battlefield stories regarding the operational reality of modern identity based threats. Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint and Host of the DISCARDED podcast and the Only Malware in the Building podcast, joins host Caleb Tolin to detail the specific mechanics of device code phishing campaigns, revealing how adversaries exploit legitimate communication structures to capture administrative and enterprise access. The discussion centers on the rapid commercialization of cybercrime, highlighting the leak of specialized kits in late 2025 that catalyzed the democratization of sophisticated technical exploits.
The conversation unpacks the behavioral patterns of specific threat groups, analyzing the intersection of business email compromise, credential harvesting, and account takeover jumping. Selena explains how opportunistic targeting allows threats to pivot horizontally through trusted external supplier networks and specific industry verticals.
Rather than focusing solely on defensive theory, the dialogue transitions into hard technical controls, challenging the long-term viability of traditional security awareness programs. Defenders are provided with direct architectural recommendations, including the precise deployment of conditional access policies and rigid device compliance frameworks designed to stop unauthorized authentication attempts before execution.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。