How to Detect Malicious Remote Workers w/ James McQuiggan

Turn Ideas into Code with GitHub Copilot with Carrie Roberts

What if you could build tools, automate tasks, and write real code without ever having called yourself a developer? Join us for a free one-hour training session with instructor Carrie Roberts, Developer and InfoSec Engineer, as she teaches you how GitHub Copilot is changing what it means to "know how to code" and show you how to put it to work in your browser right now, with no setup required. You'll learn how to use Copilot to generate, debug, and refactor code through hands-on demos, including how to assign tasks directly from GitHub without ever opening an editor, so you can start building things that actually work faster than you ever thought possible. 📚 Train with Carrie Roberts https://www.antisyphontraining.com/product/powershell-for-infosec-what-you-need-to-know-with-carrie-roberts/ [https://www.antisyphontraining.com/product/powershell-for-infosec-what-you-need-to-know-with-carrie-roberts/] Chapters * (00:00) - Introduction & What is GitHub Copilot * (05:17) - How Copilot Works (Concept + Setup) * (11:27) - Prompting Strategies for Better Results * (15:49) - Turning Ideas into Code (Workflow) * (23:53) - Debugging, Limitations & Security * (36:11) - Q&A Credits Creators & Guests * Ryan Poirier [https://anticasts.transistor.fm/people/ryan-poirier] - Producer * Carrie Roberts [https://anticasts.transistor.fm/people/carrie-roberts] - Guest Chat with your fellow attendees in the BHIS Discord server: https://discord.gg/bhis [https://discord.gg/bhis] in the #🔴live-chat channel 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com [https://poweredbybhis.com] Click here to watch a video of this episode. [https://www.youtube.com/watch?v=N6jUEKB9QYU] Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com [https://www.blackhillsinfosec.com/] Antisyphon Training https://www.antisyphontraining.com/ [https://www.antisyphontraining.com/] Active Countermeasures https://www.activecountermeasures.com [https://www.activecountermeasures.com/] Wild West Hackin Fest https://wildwesthackinfest.com [https://wildwesthackinfest.com/] Click here to view the episode transcript. [https://share.transistor.fm/s/9eb76ea7/transcript]

The Absolute Truths of Cybersecurity with Doc Blackburn

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com [https://poweredbybhis.com] DANGER AHEAD. In this bold, no-nonsense talk, instructor Doc Blackburn will reveal the Absolute Truths of Cybersecurity, hard realities that challenge everything you think you know about “being secure.” 🛝 Webcast Slides -  https://www.antisyphontraining.com/wp-content/uploads/2026/04/Absolute-Truths.pdf [https://www.antisyphontraining.com/wp-content/uploads/2026/04/Absolute-Truths.pdf] Join us for a free one-hour training session to learn why security isn’t a product, why prevention is a fantasy, why encryption fixes almost nothing, and why your biggest risk might be you. You'll learn to see your role differently — not as a gatekeeper, but as a mission-enabler, risk translator, and resilience builder. This Anti-Cast isn’t about firewalls or frameworks. It’s a total reset on how we view cybersecurity. Chapters * (00:00) - Intro - The Absolute Truths of Cybersecurity with Doc Blackburn * (03:40) - Vera's Origin Story * (08:19) - Learning Security? * (10:08) - Security isn’t what you do! * (11:17) - 14 Truths of Cybersecurity * (12:59) - Truth #1: There is no such thing as security, only varying degrees of insecurity. * (15:26) - Truth #2: The network doesn't exist to be secured. * (21:29) - Truth #3: When security gets in the way of the mission – Security is wrong, not the mission * (22:54) - Truth #4: Prevention is ideal – Detection is a must. Detection without response is useless * (28:43) - Truth #5: Security must always be driven by business need * (31:04) - Truth #6: Security is a cost center, not a profit center * (34:04) - Truth #7: Security is a process… not a product * (35:58) - Truth #8: You cannot process encrypted data… EVER * (38:42) - Truth #9: All good security is custom-fit Compliance does not equal security * (44:28) - Truth #10: In security, the most dangerous thing in the world is what you think you know. * (47:14) - Truth #11: You cannot secure what you do not control * (49:49) - Truth #12: You cannot prevent what you allow * (51:02) - Truth #13: Security is, first and foremost, a people issue * (53:24) - Truth #14: Some things cannot be fixed They are simply reality * (59:11) - WORKSHOP: How to think like a Cybersecurity Defender Credits Creators & Guests * Ryan Poirier [https://anticasts.transistor.fm/people/ryan-poirier] - Producer * Doc Blackburn [https://anticasts.transistor.fm/people/doc-blackburn] - Guest * Bronwen Aker [https://anticasts.transistor.fm/people/bronwen-aker] - Guest * Mark Williams [https://anticasts.transistor.fm/people/mark-williams] - Guest Chat with your fellow attendees in the BHIS Discord server: https://discord.gg/bhis [https://discord.gg/bhis] in the #🔴live-chat channel 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com [https://poweredbybhis.com] Click here to watch a video of this episode. [https://www.youtube.com/watch?v=OjqWjHoOOtg] Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com [https://www.blackhillsinfosec.com/] Antisyphon Training https://www.antisyphontraining.com/ [https://www.antisyphontraining.com/] Active Countermeasures https://www.activecountermeasures.com [https://www.activecountermeasures.com/] Wild West Hackin Fest https://wildwesthackinfest.com [https://wildwesthackinfest.com/] Click here to view the episode transcript. [https://share.transistor.fm/s/100c94fc/transcript]

How to Write SOC Tickets That Build Trust and Drive Action w/ Dan Rearden

What does the ideal SOC ticket look like? 🛝 Webcast Slides -  https://www.antisyphontraining.com/wp-content/uploads/2026/03/How-to-Write-SOC-Tickets-That-Build-Trust-and-Drive-Action.pdf [https://www.antisyphontraining.com/wp-content/uploads/2026/03/How-to-Write-SOC-Tickets-That-Build-Trust-and-Drive-Action.pdf] Technical skills matter, but clear communication is just as important. Join SOC Analyst Dan Rearden for a free one-hour Antisyphon Anti-cast on using soft skills to level up your tickets. Learn how to make alerts clear, findings impactful, and documentation useful now and later. Chapters * (00:00) - Intro- How to Write SOC Tickets That Build Trust and Drive Action - Dan Rearden * (01:53) - About Dan Rearden * (03:27) - On Call at 2AM... * (05:16) - Beyond the Terminal * (06:22) - Talking to Humans * (09:11) - Reboot Your Vocabulary * (14:44) - Plain Text Protocol * (19:54) - Peer To Peer * (24:44) - The Client Session * (26:06) - The Client Session * (28:13) - Hotfix today * (31:53) - Final System Check * (34:32) - Q&A Credits Creators & Guests * Meagan Bentley [https://anticasts.transistor.fm/people/meagan-bentley] - Producer * CJ Cox [https://anticasts.transistor.fm/people/cj-cox] - Guest * Ryan Poirier [https://anticasts.transistor.fm/people/ryan-poirier] - Producer * Dan Rearden (Haircutfish) [https://anticasts.transistor.fm/people/dan-rearden-haircutfish] - Guest Chat with your fellow attendees in the BHIS Discord server: https://discord.gg/bhis [https://discord.gg/bhis] in the #🔴live-chat channel 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com [https://poweredbybhis.com] Click here to watch a video of this episode. [https://www.youtube.com/watch?v=12ldaGyh7f0] Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com [https://www.blackhillsinfosec.com/] Antisyphon Training https://www.antisyphontraining.com/ [https://www.antisyphontraining.com/] Active Countermeasures https://www.activecountermeasures.com [https://www.activecountermeasures.com/] Wild West Hackin Fest https://wildwesthackinfest.com [https://wildwesthackinfest.com/] Click here to view the episode transcript. [https://share.transistor.fm/s/a36f24c3/transcript]

Securing the Cloud in the Age of AI with Andrew Krug

Existential Courage: The Hitchhiker's Guide to Surviving AI in Cloud 🛝 Webcast Slides - https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_The-Hitchhikers-Guide-to-Surviving-AI-in-Cloud.pdf [https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_The-Hitchhikers-Guide-to-Surviving-AI-in-Cloud.pdf] Can AI really help secure the cloud, or is it quietly making things worse? Join Antisyphon instructor and security researcher Andrew Krug for a free one-hour Anti-cast on what really happens when AI collides with cloud security. * Andrew will cut through the hype and look at how LLMs affect IAM, monitoring, governance, and real-world risk. * Learn where AI helps, where it hallucinates, and how to defend cloud environments without panic. * Expect practical insights, grounded strategy, and a bit of cosmic humor. Bring your towel. Don’t panic. Chapters * (00:00) - Intro * (02:44) - Our trip through the galaxy * (03:38) - What kind of literature is the Hitchikerʼs Guide to the Galaxy? * (04:29) - Don't Panic * (05:18) - The Agentic Revolution * (05:56) - Cast of Characters * (07:44) - The State of AI in the Enterprise - Deloitte * (10:53) - How do teams build agents? * (12:11) - What are teams using agents for? * (13:17) - Why build on Bedrock + AWS * (14:17) - Are we learning? Or not learning? * (15:58) - Are you the fixed point in a shifting universe? * (17:01) - TL;DR the majority of these are the same threats we have been dealing with * (18:16) - Prompt Injection is the new SQL Injection * (19:13) - Sandbox Escape * (20:20) - Shared Structure: General Software & AI Supply Chains * (23:03) - The Bad News * (24:29) - Threate Vector Coverage * (25:24) - The Expanding Universe of Secrets * (28:15) - Hope is not a strategy! But a strategy can give us hope. * (28:36) - (Yes we AI-Removed Andrew's Coughs) * (29:40) - back to: Hope is not a strategy! But a strategy can give us hope. * (30:47) - Plan for maximum risk scenarios * (33:03) - Squishy Stuff * (34:38) - KIRO * (37:11) - Infrastructure and Data Protection * (39:11) - Priveledge Escalation Paths – https://pathfinding.cloud * (40:58) - The AI Stuff * (42:01) - So anyway, here's Firewall * (43:34) - OpenTelementry * (46:47) - You still have to have logs * (48:22) - MCP * (49:22) - Learn more from Andrew in: Securing the Cloud Foundations * (50:23) - Post Show Q&A Credits Creators & Guests * Andrew Krug [https://anticasts.transistor.fm/people/andrew-krug] - Guest * Jason Blanchard [https://anticasts.transistor.fm/people/jason-blanchard] - Host * Deb Wigley [https://anticasts.transistor.fm/people/deb-wigley] - Host Chat with your fellow attendees in the BHIS Discord server: https://discord.gg/bhis [https://discord.gg/bhis] in the #🔴live-chat channel 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com [https://poweredbybhis.com] Click here to watch a video of this episode. [https://www.youtube.com/watch?v=vIc_21xUpys] Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com [https://www.blackhillsinfosec.com/] Antisyphon Training https://www.antisyphontraining.com/ [https://www.antisyphontraining.com/] Active Countermeasures https://www.activecountermeasures.com [https://www.activecountermeasures.com/] Wild West Hackin Fest https://wildwesthackinfest.com [https://wildwesthackinfest.com/] Click here to view the episode transcript. [https://share.transistor.fm/s/684c00ac/transcript]

How to Detect Malicious Remote Workers w/ James McQuiggan

Summary Could a nation-state threat actor get hired and stay invisible to your SOC? 🛝Webcast Slides- https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_2026-03-11-AntiSyphon-DPRK-Hiring.pdf [https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_2026-03-11-AntiSyphon-DPRK-Hiring.pdf] Join us for a free one-hour training session with James McQuiggan, CISSP and Advisory CISO, as he teaches you the full lifecycle of North Korea’s AI-enabled IT worker operation, from AI-generated identities and U.S.-based laptop farms to the data theft and extortion that follow once they’re inside. You’ll learn a practical detection and hunting playbook covering behavioral anomalies, identity red flags, and post-hire SOC indicators that catch what background checks miss. If your SOC isn’t hunting for threats that were hired legitimately, this Antisyphon Anti-cast will change that. Chapters * (00:00) - Intro – How to Detect Malicious Remote Workers - James McQuiggan * (01:17) - DPRK Solution – Did you Hire a North Korean? * (02:35) - But Really, Did We Just Hire a North Korean? * (04:31) - How comfortable are you to spot deepfakes? * (05:46) - Who is James R. McQuiggan * (07:42) - Webcast Agenda * (09:36) - Overview - North Korea Situation * (11:56) - DRPK Education * (14:31) - The Ultimate Inside Threat – DPRK Job Opps * (16:17) - Attacker's Playbook — Contagious Interview / WageMole Campaigns * (17:47) - Investigations – Crowdstrike / Okta / Unit 42 * (19:14) - How Identities Are Built – AI Images * (21:05) - GenAI Resumes * (23:39) - Stateside Assistance * (25:23) - Face Swap / Voice Cloning & Webcams ➜ LIVE Deepfakes * (25:49) - AI Face Swap Demo * (29:55) - Video Camera Real time Video Deepfake Face Swap Interview * (30:43) - KnowBe4 Use Case – July 2024 * (34:18) - Legal Impact * (35:42) - Companies Infiltrated — The Numbers * (36:11) - North Korean Farmers Arrested * (40:23) - SOC Playbook – Deepfake Dashboard * (40:53) - 12 Best AI Deepfake Detector Tools * (41:54) - Detecting VOIP Numbers & Identity * (43:01) - SOC Telemetry * (45:17) - Hiring Flags * (46:08) - HR – Hiring Tips * (48:24) - Human Risk – AI First Ready Security Team * (50:26) - Wrap Up and Q&A * (54:39) - James' Survey QR Code Credits Creators & Guests * Deb Wigley [https://anticasts.transistor.fm/people/deb-wigley] - Host * Jason Blanchard [https://anticasts.transistor.fm/people/jason-blanchard] - Host * James McQuiggan [https://anticasts.transistor.fm/people/james-mcquiggan] - Guest Chat with your fellow attendees in the BHIS Discord server: https://discord.gg/bhis [https://discord.gg/bhis] in the #🔴live-chat channel 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com [https://poweredbybhis.com] Click here to watch a video of this episode. [https://www.youtube.com/watch?v=yDewa1GuDPs] Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com [https://www.blackhillsinfosec.com/] Antisyphon Training https://www.antisyphontraining.com/ [https://www.antisyphontraining.com/] Active Countermeasures https://www.activecountermeasures.com [https://www.activecountermeasures.com/] Wild West Hackin Fest https://wildwesthackinfest.com [https://wildwesthackinfest.com/] Click here to view the episode transcript. [https://share.transistor.fm/s/aff37195/transcript]