Again with the Security

There are two security podcasts I listen to religiously: The CyberWire and Risky.Biz. Both have short, daily news podcasts and longer feature episodes. I cannot recommend these two podcasts highly enough. Risky.Biz is based in Australia, so you get a slightly different view than from the Washington, D.C.-based CyberWire. One of the interesting things that Risky.Biz does is what they call Soap Box episodes. As they mention right up front, these are episodes that vendors pay to appear on. The host, Patrick Gray, will still challenge them though, and I think that adds to the authenticity. This week’s Soap Box is about a product based on BloodHound, an open source red teaming tool used to find vulnerabilities in Active Directory setups; the vendor is now selling an Enterprise version for blue teams. In this episode, there is a nice discussion of how each directory system (Kerberos/OAuth/OpenID Connect) has its own attack surface, how some are more secure by default, and what you have to do to close the gaps.