In 2017 the ShadowBrokers group leaked information stolen from the NSA. Within the leak was evidence that the NSA had compromised a SWIFT bureau in the Middle East called EastNets, probably so that they could gather financial intelligence.

The leak gives an unprecedented insight into how a sophisticated actor like the NSA operates.

In this episode, we talk about the operation, as well as the advice the NSA has publicly given on how organisations can improve their security. The advice is from the former head of the NSA's Tailored Access Operations (TAO), their most elite offensive security team, and potentially the folks responsible for the EastNets.

Link to the ShadowBrokers leak: https://github.com/DonnchaC/shadowbrokers-exploits/tree/master

Blog explaining the breach: https://medium.com/comae/the-nsa-compromised-swift-network-50ec3000b195

NSA advice on how to be secure: https://www.youtube.com/watch?v=bDJb8WOJYdA

Back in 2015 the offensive security company Hacking Team were compromised by the vigilante hacker Phineas Fisher. Helpfully, Phineas Fisher shared a full description of how they completed the attack, and it's rich in detail for both red and blue teamers. In this episode, we discuss that report.

To read the original report by Phineas Fisher, see here: https://gitlab.com/brn1337/phineas-fisher-collection/-/blob/master/2015_HackingTeam.txt?ref_type=heads

In this episode we discuss the 2024 CrowdStrike Global Threat Report. We dig into the key themes that CrowdStrike have identified, and explore what lessons there are for defenders. As always, we consider the offensive and the defensive sides.

The report can be downloaded here: https://www.crowdstrike.com/global-threat-report/

Steve has a LinkedIn article discussing it here: https://www.linkedin.com/pulse/wheres-information-security-going-2024-review-global-steve-townsley-8iole/