First documented case: AI inside the breach.
Promptlock marks the first time malware has used AI during execution, not just in preparation. In this Threat Talks deep dive, Rob Maas (Field CTO, ON2IT) sits down with Yuri Wit (SOC Analyst, ON2IT) to break down how it works: a Go loader calling an attacker’s LLM in real time, generating fresh payloads that adapt on the fly.

This episode strips away sci-fi hype. You’ll see the psychology of an adversary that thinks mid-attack—and the Zero Trust defenses that box it in. When AI runs inside the kill chain, malware doesn’t just evolve. It crosses into super-malware.

• (00:00) - — Cold open: “What if malware could think?”
• (00:18) - — Welcome: Rob Maas & Yuri Wit
• (00:41) - — First reaction to PromptLock
• (01:02) - — How attackers already use AI (phishing, coding, negotiations)
• (03:02) - — Why PromptLock is different: AI during execution
• (03:35) - — How it works: Go → Ollama → LLM → Lua
• (06:36) - — Proof-of-concept tells (the Satoshi wallet)
• (07:55) - — Defense shift: hashes die, behavior wins
• (10:40) - — Detecting LLM calls: SSL inspection realities
• (11:26) - — Quick wins: block interpreters (Lua/Python/PowerShell)
• (12:23) - — Zero Trust moves: default-deny egress & segmentation
• (12:41) - — What’s next: dynamic exploits & on-demand EDR bypass
• (16:21) - — Timelines & hardware: why adoption could accelerate
• (18:21) - — Wrap-up & CTA

 

Key Topics Covered
• The first documented case of AI inside the breach — why Promptlock changes the game
• Promptlock’s core loop: calling an LLM mid-attack to generate fresh payloads.
• Why hash-based detection breaks against AI-powered malware detection, ever-changing scripts.
• Behavioral defense over signatures: EDR/XDR, sandboxing, and SSL inspection.
• Zero Trust in practice: block script interpreters, restrict egress, and shrink blast radius.

Additional Resources
ON2IT Zero Trust: https://on2it.net/zero-trust/
Threat Talks hub: https://threat-talks.com/
Ollama (referenced in episode): https://ollama.com/
The Rising Threat of Deepfakes: https://youtu.be/gmtZ_aYmQdQ

Guest & Host Links:
Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/ 
Yuri Wit, SOC Specialist, ON2IT: https://www.linkedin.com/in/yuriwit/

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.

ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams

Your tools say “secure.” Your headers say “leaking.”
In this Threat Talks Deep Dive, ON2IT’s Luca Cipriano (CTI & Red Team Lead) exposes Data Bouncing—a stealthy exfiltration trick that hides inside HTTP headers and abuses DNS lookups through trusted third parties. We show the demo, decode the psychology of the attack, and translate it into Zero Trust moves you can deploy today.

• (00:00) - – Why your defenses aren’t enough
• (00:11) - – What is Data Bouncing?
• (01:22) - – How attackers exfiltrate data via DNS & headers
• (05:20) - – Live demo: DNS lookups & Burp Suite interception
• (10:48) - – Reassembling stolen files undetected
• (15:24) - – Can you defend against Data Bouncing?
• (19:20) - – Testing it in your own environment
• (21:00) - – Key takeaways & call to action

Key Topics Covered
•  How Data Bouncing enables covert data exfiltration
•  Abuse of headers like X-Forwarded-For to bypass firewalls
•  Live demo: attacker vs. victim scenario
•  Defensive measures: decryption, inspection, Zero Trust, and SOC awareness

Additional Resources
• ON2IT Threat Talks Podcast: https://www.on2it.net/threat-talks
• Zero Trust Resources: https://www.on2it.net/zero-trust/

Guest & Host Links:
• Luca Cipriano, Cyber Threat Intelligence Program Lead, ON2IT: https://www.linkedin.com/in/luca-c-914973124/
• Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/ 

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.

ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams

Playing it safe with AI sounds smart, but is banning it really how you prevent data leaks?

In this episode of Threat Talks, ON2IT’s Lieuwe Jan Koning (ON2IT Co-Founder) sits down with Rob Maas, Field CTO at ON2IT, to tackle the hard question: How can CISOs and security leaders embrace AI safely—without exposing their organization to destructive data leaks?

From Samsung’s ChatGPT ban to real-world AI hallucinations, we unpack why “AI, play it safe” doesn’t mean blocking innovation—it means controlling it.

• (00:00) - 00:00 – AI, play it safe introduction
• (00:00) - 00:41 – Customer fears: Ban AI or embrace it?
• (00:00) - 01:13 – Real case: $1 Chevrolet Tahoe & AI chatbots gone wrong
• (00:00) - 02:46 – Samsung’s ChatGPT ban: lessons for CISOs
• (00:00) - 06:50 – How AI transforms work & productivity (coding, translation, ops)
• (00:00) - 17:00 – Data exposure & AI governance: the #1 risk
• (00:00) - 30:21 – LLM on Prem
• (00:00) - 33:10 – AI hallucinations & unsafe outputs (dangerous examples)
• (00:00) - 40:50 – The CISO dilemma: Fall behind or take control

Key Topics Covered
• Why “banning AI” is a bigger risk than using it with the right safeguards.
• Real-world AI risks: hallucinations, unsafe outputs, and data exposure.
• Zero Trust approach to AI adoption: categorize sanctioned, tolerated, unsanctioned tools.
• How CISOs can transform AI fear into competitive advantage with the right strategy.

Additional Resources
• ON2IT Threat Talks Podcast: https://www.on2it.net/threat-talks
• Zero Trust Resources: https://www.on2it.net/zero-trust/

Guest & Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/ 
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

If you’re a CISO, CIO, or security leader navigating the AI storm, this episode is a must-watch.

Click here to view the episode transcript.

🔔 Follow and support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Zero Trust step 5A is where monitoring turns raw logs into decisive action.
Hosts Lieuwe Jan Koning and Rob Maas (Field CTO, ON2IT) expose why MDR alone isn’t protection—and how context closes the gap. Learn to inspect every event, use Indicators of Good/Compromise, and set Rules of Engagement that stop lateral movement and alert fatigue.

• (00:00) - — Welcome & Step 5A (Monitor) setup
• (00:37) - — Steps 1–4 recap: protect surfaces, flows, architecture, policy
• (04:12) - — MDR vs protection: why “collect all logs” fails
• (07:28) - — Events vs logs: inspect every event & retention reality
• (10:22) - — Context from protect surfaces: mapping IPs to business systems
• (13:41) - — IoG vs IoC vs Unknown: triage model & beating alert fatigue
• (17:59) - — Rules of Engagement: automation, kill switch & blast radius (prevention first)

Key Topics Covered
• MDR ≠ protection: why Step 5A only works after Steps 1–4 are in place.
• Events vs logs: what to keep, what to act on, and how to avoid SIEM sprawl.
• Context from protect surfaces: mapping IPs to business systems to triage fast.
• Automation with Rules of Engagement: IoG/IoC/Unknown, kill switches, and reducing blast radius.

If this helped sharpen your Zero Trust monitoring strategy, subscribe to Threat Talks and turn on notifications—don’t miss Step 5B (Maintain).

Additional Resources
• https://on2it.net/zero-trust/
• https://on2it.net/managed-security/protect-surface-management/
• https://on2it.net/wp-content/uploads/2023/02/Zero-Trust-Dictionary-EN.pdf
• https://on2it.net/context-is-key-the-data-challenge-of-cybersecurity/
• https://threat-talks.com/
• https://www.ams-ix.net/

Guest & Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.

ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams

Russia’s most notorious cyber unit—Seashell Blizzard (also known as Sandworm, APT 44 and Iron Viking)—has taken down shipping giants, Olympic systems, and Ukraine’s power grid.

In this Threat Talks deep dive, Lieuwe Jan Koning, Yuri Wit (Red Team), and Rob Maas (Blue Team) reveal exactly how these attacks unfold, why they’re so hard to stop, and how Zero Trust can tip the balance back to defenders.

• (00:00) - – Cyber warfare in the Ukraine conflict: setting the stage
• (01:10) - – Who is Seashell Blizzard? Names, aliases, and Russian GRU ties
• (04:00) - – NotPetya, Olympic Games, and high-profile disruption campaigns
• (07:31) - – Initial access: stealth exploits on edge devices
• (11:40) - – Privilege escalation via Living-off-the-Land (LOLBin) tactics
• (15:23) - – Weaponizing Group Policy Objects with “Tank Trap” for mass wipers
• (19:13) - – Objectives: disruption, damage, and public bragging rights
• (23:40) - – Zero Trust defenses, segmentation, and last-resort recovery

Key Topics Covered
• Seashell Blizzard’s attack chain: from stealth reconnaissance to mass destruction.
• NotPetya & global fallout: when a Ukraine-targeted attack crippled global shipping.
• Defense strategies: hardening edge devices, segmentation, and EDR behavior detection.
• Zero Trust in action: protecting critical assets before the breach happens.

Related ON2IT Content & Referenced Resources
• ON2IT Threat Talks Playlist: https://www.youtube.com/@ThreatTalks/playlists ON2IT Zero Trust Resources: https://on2it.net/zero-trust
• MITRE ATT&CK – Sandworm Team (APT 44): https://attack.mitre.org/groups/G0034/

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

One mis-typed contact detonates Signal Gate, turning “secure” messaging into a classified-data leak.Host Lieuwe Jan Koning (Co-founder, ON2IT) and Thomas Manolis (Security Officer, AMS-IX) lay out the breach blow-by-blow—then drop the Zero Trust, Shadow IT and information-governance tactics every CISO needs before the next incident hits.High stakes, hard lessons—compressed into actionable steps you can brief to the board.Timestamps00:00 Cold-open: “wrong recipients” analogy00:37 What really happened in Signal Gate01:38 Mistake #1 – Choosing a consumer app over classified03:34 Mistake #2 – Human error: the mis-added journalist07:55 Shadow IT, usability & Secure Messaging Apps 09:10 Information Governance, audits and technical controls12:02 Zero Trust takeaways & action planKey Topics Covered• Anatomy of the Signal Gate breach & timeline• Why Shadow IT sabotages secure operations• Building airtight Information Governance for secure messaging apps• Operationalizing Zero Trust: least privilege, continuous verification, human-centric trainingRelated ON2IT Content & Referenced Resources• “Understanding Zero Trust – Lessons from Experts” whitepaper: https://on2it.net/resources/?• Zero Trust Readiness Assessment (PDF): https://on2it.net/wp-content/uploads/2022/05/Zero-Trust-Readiness-Assessment-EN-US.pdf• Threat Talks podcast hub: https://threat-talks.com/🔔 Follow and Support our channel! 🔔=== ► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520👕 Receive your Threat Talks T-shirthttps://threat-talks.com/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

ON2IT’s Lieuwe Jan Koning goes one-on-one with AMS-IX CEO Peter van Burgel to expose why the once-open internet is splintering into rival, firewalled regions. Discover the geopolitical forces fueling this cybersecurity trend. Learn the Zero Trust resilience moves CISOs must deploy to stay sovereign in the future of the internet.Key Topics Covered• Drivers behind the Splinternet & what they mean for CISOs• Scenario-planning methodology for threat forecasting• Aligning Zero Trust with data-localization mandates• Resilience vs. redundancy: how to build real business continuity• Earth-IX concept: keeping critical flows alive amid fragmentationRelated Content & Resources• ON2IT Zero Trust Framework → https://on2it.net/zero-trust/• AMS-IX MORE-IP Conference insights → https://www.ams-ix.net/ams• EU Digital Services Act overview → https://digital-strategy.ec.europa.eu/en🔔 Follow and Support our channel! 🔔► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520👕 Receive your Threat Talks T-shirthttps://threat-talks.com/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Administrative accounts come with serious power – and serious power, comes with serious risk.In part B of our deep dive into step four of Zero Trust (create Zero Trust policy), host Lieuwe Jan Koning and ON2IT Field CTO Rob Maas unpack how to build Zero Trust policies specifically for administrative access. They explore:1) Why admins are a high-value target – and what that means for policy2) How to build secure jump hosts and enforce strict access controls3) What ‘separation of identity’ really looks like in practice 🎧 Part B builds on the policy work discussed in part A. Worth a listen if you deal with access management or design policy.Shownotes⁃       Zero Trust Step 1 episode: https://youtu.be/mC66i-tEEFs⁃       Zero Trust Step 2 episode: https://youtu.be/wp0q9aZHuXc⁃       Zero Trust Step 3 episode: https://youtu.be/eGsw2JCnrac⁃       Zero Trust Step 4a episode: https://youtu.be/qT_nqbBEkVw

Now that you’ve defined your protect surfaces, mapped your transaction flows and built your Zero Trust architecture, it’s time for step four of Zero Trust: creating policy. In other words, it’s time to turn strategy into actual rules.In this episode of Threat Talks, host Lieuwe Jan and Koning and Field CTO of ON2IT Rob Maas talk through how to create and validate Zero Trust policies.They explore:·      What makes a ‘good’ policy (and why broad strokes won’t cut it)·      How to apply the Kipling method to policy creation·      Why policies need ongoing validation to stay effective Make sure to stay tuned for the second part of this episode as well, where Lieuwe Jan and Rob dive into the specifics of policy for administrative access.Shownotes⁃       Zero Trust Step 1 episode: https://youtu.be/mC66i-tEEFs⁃       Zero Trust Step 2 episode: https://youtu.be/wp0q9aZHuXc⁃       Zero Trust Step 3 episode: https://youtu.be/eGsw2JCnrac

What does quantum computing mean for blockchain? And how should platforms respond before Q-day becomes reality? In this episode of Threat Talks, ON2IT Field CTO Rob Maas is joined by Jeroen Scheerder, who leads ON2IT's post-quantum cryptography research group. They explore how quantum algorithms interact with current blockchain designs, what makes certain cryptocurrencies more flexible than others, and where we're already seeing movement toward future-ready solutions. ⛓ How does blockchain actually work again? 🔓 What makes classical encryption vulnerable to quantum algorithms? 🧠 Why can't you just “update” Bitcoin? From cryptographic design to real-world limitations, this episode is all about understanding the risks and opportunities in a post-quantum future. Shownotes Post-Quantum Threat to Encryption episode : https://youtu.be/rimW1XJNNLo

Windows Recall is a new feature in Windows 11 that captures screenshots every few seconds and stores them in a local database. It’s designed to help users find what they’ve seen or done: but that convenience may come at a high cost.In this episode of Threat Talks, ON2IT Field CTO Rob Maas speaks with security expert Jeroen Scheerder about the real risks of Recall. They break down how the tool works, what data it captures, and why the built-in protections may not be enough.In this episode of Threat Talks:🧠 How Recall works and what makes it so controversial🔍 Why bolted-on security measures leave gaps🎯 Which users and organizations are most exposedTune in to hear why Windows Recall is raising red flags and what you need to know to protect your organization.

Andy Grotto (founder and director of the Program on Geopolitics, Technology and Governance at Stanford University) puts it plainly: there's a 5% chance that within the next 10 years, AI could rule over humans. That number might sound small, but it's enough to take seriously.He joins host Lieuwe Jan Koning and guest Davis Hake (Senior Director for Cybersecurity at Venable) as they dive into the technology, governance, and risks behind autonomous AI. From system trustworthiness to liability, and market incentives to regulation, they break down what’s already happening and what needs to happen next.They also discuss how humans will struggle to validate AI outcomes in areas where AI excels, why thoughtful deployment is key, and what it means to be “quick, but not in a hurry.” Key topics:✅ How to adopt your security and governance to the use of AI🧠 Why applying existing IT risk frameworks is a smart starting point⚖️ How to balance regulation, trust, and innovationCan your organization keep up with AI that moves faster than human oversight?

It’s time to get practical. After identifying protect surfaces and mapping flows, the third step in Zero Trust is about designing the actual architecture.In this episode of Threat Talks, Lieuwe Jan and Rob Maas talk about segmentation, control selection, and why this is the most operational step in your Zero Trust journey.They cover:✅ Why segmentation is one of the most important Zero Trust measures🔒 How to choose and assign technical controls (and what matters most)📄 How frameworks like MITRE ATT&CK, ISO 27001, and the Cyber Kill Chain help map risks to controlsFrom translating compliance requirements into actionable controls to whiteboarding micro-perimeters and network segments, this is where the vision meets the real world.Shownotes:⁃ Zero Trust Step 1 episode: https://youtu.be/mC66i-tEEFs ⁃ Zero Trust Step 2 episode: https://youtu.be/wp0q9aZHuXc ⁃ Rick Howard episode on the Kill Chain https://www.youtube.com/watch: v=GC8z3W2OSwQ&t=1s ⁃ Outlook Web Access Deep Dive episode: https://www.youtube.com/watch?v=Bd5mhPiqT5Q 🔔 Follow and Support our channel! 🔔=== ► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520👕 Receive your Threat Talks T-shirthttps://threat-talks.com/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

From sovereign clouds to Zero Trust, and from cross-border investments to threat intelligence sharing, cooperation between the US and Europe is crucial, but still complex. With differing policies, fragmented markets, and varying strategies, the cyber world remains anything but unified.In this special episode of Threat Talks, Davis Hake (Senior Director for Cybersecurity at Venable) leads a discussion with Lisa Hill (Director of Investor Relations at Shield Capital), Chris Painter (the US’s first cyber ambassador and founder partner of the Cyber Policy Group), Lieuwe Jan Koning (CTO and co-founder of ON2IT cybersecurity) and Peter Brown (former EU official and diplomat). Together, they explore where collaboration is gaining ground and where major obstacles still stand. 🌐 How do the US and EU differ in their approach to Zero Trust and prevention?📊 What role does private sector investment play in advancing national security?🔁 Why is threat intelligence still so difficult to share effectively across borders?Tune in for a grounded conversation that connects regulation, strategy, and industry, and shows how both sides of the Atlantic are navigating today’s cyber challenges.🔔 Follow and Support our channel! 🔔=== ► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520👕 Receive your Threat Talks T-shirthttps://threat-talks.com/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

AI vs. Human Pentesting: Who Wins?What happens when you try to automate something that’s part science, part art? In an industry rushing to adopt AI for everything from detection to response, the real question is: can a machine truly replace the craft of a human pentester?In this episode of Threat Talks, host Lieuwe Jan Koning is joined by Melanie Rieback, co-founder and CEO of Radically Open Security, and Luca Cipriano, a red teamer and threat intel specialist. Together, they dig into what makes great pentesting work.Melanie explains why her company donates 90% of profits to open source and operates with a not-for-profit model, and how that connects with their mission to support NGOs and civil society groups. Together, she and Luca share their hands-on experience with pentesting and why creativity, gut instinct, and lateral thinking are still crucial in ethical hacking.They discuss:🤖 Can AI outsmart human red teamers?🧠 What makes great hacking truly human?🔍 What’s still too complex for automation?From tool-assisted testing to old-school intuition, this conversation offers a grounded take on the reality of modern pentesting and what AI can’t do (yet).🔔 Follow and Support our channel! 🔔=== ► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520👕 Receive your Threat Talks T-shirthttps://threat-talks.com/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

PLCs with default passwords. Devices searchable online. Siloed asset inventories. These OT challenges are common, but they’re also fixable. In this episode of Threat Talks, host Lieuwe Jan Koning sits down with Venable’s Caitlin Clarke and Schneider Electric’s Patrick Ford to discuss why the OT side of your business deserves the same focus and attention as IT. From default passwords to exposed PLCs, they show how these ‘tech risks’ span beyond just OT and IT. They discuss:✅ How to replace "default" thinking on OT security🌐 Spotting internet-facing assets before attackers do🔍 Using CISA’s Installed Base Initiative to locate orphaned tech🤝 Building joint response plans across IT, OT, and governmentOrganizations are getting ahead of risk by building live OT inventories, applying smart controls, and partnering with federal teams to strengthen critical infrastructure. Are you ready to join them?Additional Resources:► Securing critical infrastructure: https://www.se.com/ww/en/download/doc...🔔 Follow and Support our channel! 🔔=== ► YOUTUBE:    / @threattalks  ► SPOTIFY: https://open.spotify.com/show/1SXUyUE...► APPLE: https://podcasts.apple.com/us/podcast...👕 Receive your Threat Talks T-shirthttps://threat-talks.com/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Once you have defined a few protect surfaces (see: ⁠Step 1 of Zero Trust-video link below⁠), the next step is to start mapping the transaction flows: how these protect surfaces communicate with one another. Understanding how data travels to, from and around protect surfaces is your next logical movie. Why? Because if you don’t know how your systems talk to each other, you can’t secure them. In this episode of Threat Talks, host Lieuwe Jan Koning and Field CTO Rob Maas discuss how to identify communication paths between protect surfaces and why this visibility is critical for both risk containment and policy validation. They explore:✅ How to identify communication paths⛕The difference between inbound and outbound traffic (and why this matters)🙋🏼‍♂️Why business owners and business context are essentialGet all the details andinsights on this second step of Zero Trust: mapping the transaction flows.Additional Resources:► Zero Trust Step One: https://youtu.be/mC66i-tEEFs

Now that we know what a PLC, HMI and SCADA are (check out last week’s episode for a refresher if you need one!), we’re ready for part two of our OT deep dive: how does an OT attack work? In this Deep Dive, Rob Maas and Luca Cipriano break down just how complex an OT attack really is. From needing to stay hidden, to requiring access to very specific system settings and blueprints; setting up a successful OT attack (thankfully) is no easy task. But does that mean it’s easier to defend against them?Key topics:⚙️ How IT and OT attacks differ☠️ What the ICS cyber kill chain is🌎 How OT attacks can impact whole nationsJoin Rob and Luca for a discussion on the motivations behind OT attacks, how to bridge the gap between cybersecurity and engineering, and what we can do to prevent these high impact OT attacks.Additional Resources:► Operational Technology for Dummies (Previous Episode): https://youtu.be/Pdp_OCf6npQ► Inside Volt Typhoon: China’s Silent Cyber Threat: https://youtu.be/DSalzpj59RI► Hack the Boat - cybersecurity on the high seas 🌊 - Threat Talks Cybersecurity Podcast: https://youtu.be/Xa0TJ3eRTCw

From heating systems in Ukraine to petrochemical plant safety controls, Operational Technology (OT) systems are the hidden workhorses behind critical infrastructure: and they're wide open to cyber threats. In this Deep Dive, Rob Maas sits down with Luca Cipriano to break down what OT is, why it’s different from IT, where the two overlap and how we can start securing both before it’s too late.  Key topics:⚙️ What OT is (and isn’t)📉 Why IT and OT often don’t speak the same language🛠️ Real-life OT cyberattacks (hello, FrostyGoop and TRITON)Welcome to OT 101: explained in plain language, with a healthy dose of practicality.

From ships and cities to hospitals and airports, Operational Technology (OT) keeps the world running. The problem? It was never designed with cybersecurity in mind. In this episode of Threat Talks, host Karin Muller is joined by TC Hoot (VP of Contracts at TAC) and Luca Cipriano (Threat Intel Specialist at ON2IT) to explore how airports, hospitals, ports, and even water systems can be compromised.  Key topics they tackle:🛳️ Why are modern ships, airports, hospitals and even cities targeted?🛡️ What makes OT so hard to secure compared to IT?✈ What do real-world OT threats look like and how can we defend against them? If you’ve ever asked “how could a fish tank lead to a casino breach?” or “can someone actually hack an airport’s baggage system?” this one’s for you.