Ep. 146 - Demand Transparency with a blue shirt with Jason Frank


Manage episode 292703164 series 34304
By Christopher Hadnagy and LLC. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

In this episode, Chris Hadnagy and Ryan MacDougall are joined by Jason Frank. Jason has an extensive background in helping both government and Fortune 100 organizations, and has served a course instructor for the Black Hat security conference. Jason is now currently the COO at SpecterOps, where he is accountable for execution of the company. He oversees the Adversary Simulation and Detection delivery capabilities, where he helps clients to understand, detect, and respond to adversaries. May 17, 2021

00:00 – Intro




Human Hacking Book

Vishing as a Service (VaaS)

Phishing as a Service (PHaaS)


Slack Channel

@HumanHacker on Twitter


03:05 – Podcast Guest Jason Frank Intro

03:22 – Jason at BlackHat

03:30 - SpecterOps

04:34 – How Jason got to where he is

08:50 – Curiousity and motivation born from failing at a CTF

09:50 – Adversary Simulation – why is Jason using this phrase?

12:32 – Where are we in the current security culture?

16:11 – How to get attention of stakeholders, what concepts do you put in play?

18:03 – Reactive vs. Proactive

21:56 – How can corporations prepare for and mitigate attacks?

23:39 – What are the business repercussions of not letting machines talk to each other, and only the server?

25:45 – What are the more recent attacks you’ve seen coming up that people should be looking for?

28:14 – Knowledge bombs – terminology that people can look up to recognize “low hanging fruit” they may be missing – Bloodhound

30:00 – Cycles where certain things can be exploited such as ActiveDirectory

30:50 – What other things do companies need to be watching for

32:14 – PowerShell

33:44 – What are some action steps that corporations should start taking right now?

34:51 – Colleagues Jason respects most in the industry

  • Andrew Morris founder of GreyNoise
  • Dane Stuckey from Palantir
  • Jason Hill from DHS CISA
  • Bryan Beyer and Keith McCammon from Red Canary

36:50 – Jason's Book Recommendations

38:31 – Wrap-Up

@jasonjfrank on Twitter

Jason J Frank on LinkedIn

@joemontmania on Twitter (Ryan MacDougall)

@HumanHacker on Twitter (Chris Hadnagy)

@InnocentOrg on Twitter (Innocent Lives Foundation)

150 episodes