In this episode of the Malspace Podcast, I sit down with Cris Kittner, Senior Manager of Threat Research Engineering at Proofpoint, for a deep and personal conversation about her remarkable journey through the world of cyber threat intelligence.

From growing up in Brazil during times of political unrest to working her way into the U.S. defense sector, Cris shares how her passion for understanding violent extremism and security evolved into a career at the forefront of cybersecurity — including over a decade at Mandiant, Google Cloud, and now Proofpoint.

Together, we explore:

• ​How curiosity and persistence shaped Cris’s unconventional path into cyber intelligence
• ​Lessons from working with legendary figures in APT research at Mandiant
• ​The growing overlap between nation-state and e-crime operations — and why breaking down silos is vital for modern threat analysis
• ​Her leadership philosophy around psychological safety, mentorship, and preventing burnout
• ​How human connection — and even friendship bracelets — can strengthen cybersecurity teams

It’s an inspiring conversation about adaptability, empathy, and the evolving landscape of threat intelligence — told through the lens of one of the field’s most passionate voices.

In this episode, Julien sits down with Chi En (Ashley) Shen, a distinguished threat researcher at Cisco Talos.

Ashley shares her fascinating journey from hacking forums in Taiwan to leading threat intelligence at global giants like Google and Mandiant.

Together, they explore the rising trend of compartmentalized cyberattacks, the evolving role of Initial Access Brokers (IABs), and Ashley’s proposed enhancements to the Diamond Model. The episode also dives into her work promoting diversity in cybersecurity through initiatives like HITCON Girls and Raclette.

Links:

• Ashley on Bluesky

• Ashley’s podcast Hacks Between Us (我們之間的駭)

• Blog article: Redefining IABs: Impacts of compartmentalization on threat tracking and modeling
• Diamond Model
• HITCON Girls
• Raclette Switzerland (Cybersecurity Community)
• Ashley’s upcoming talk at Black Hat USA

On this episode, Mark Parsons, Senior Threat Hunter at Sophos MDR, discusses his team's investigation into Operation Crimson Palace, which uncovered Chinese state-sponsored cyberespionage targeting a Southeast Asian government. Mark explains how they identified three distinct clusters of activity using advanced malware and evasion techniques, including previously unreported tools like CCoreDoor and PocoProxy.

Show Notes

• ​Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government
• ​Surfacing a Hydra: Unveiling a Multi-Headed Chinese State-Sponsored Campaign Against a Foreign Government
• ​Crimson Palace returns: New Tools, Tactics, and Targets

In this episode of Malspace, Pierre Delcher, Head of Cyber Threat Research at HarfangLab, discusses the alarming rise of Russian disinformation campaigns targeting European and US media. We explore how cloned websites of outlets like Der Spiegel, Le Monde, and The Washington Post are being used to spread fake news, manipulating public opinion. Pierre sheds light on the techniques behind these operations and the role European companies play in keeping them online.

Show Notes

• EU Disinfo Lab on Doppelgänger
• Qurium - Under the hood of a Doppelgänger
• Correctiv - How Russia uses EU companies for its propaganda
• BayLfV report (German)
• Mid-year Doppelgänger information operations in Europe and the US

On this episode, Chris Formosa and Steve Rudd of Lumen’s Black Lotus Labs share their research on a multi-year campaign targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices, associated with an updated version of TheMoon malware. TheMoon, which emerged in 2014, has been operating quietly, while growing to over 40,000 bots from 88 countries in January and February of 2024.

Show Notes

• Darkside of TheMoon Blog Article
• Giving a Face to the Malware Proxy Service Faceless
• IOCs on Github
• BSides Las Vegas Talk

In this special episode of Malspace, we celebrate the 8th anniversary of the Vertex Project and the 11th anniversary of the APT1 report release together with Visi Stark himself. Join us for fascinating anecdotes, insights, and a forward-looking discussion on the future of threat intelligence.

Show Notes

• Visi Stark
• Vertex Project
• Vertex Project´s 8 Year Anniversary
• APT1 Report
• PLA - People's Liberation Army
• Vivisect
• NCAJTF
• Airforce OSI
• UNC

In this episode, I chat with Costin Raiu, former Director of Kaspersky's GReAT and now working as an independent researcher. Costin shares his journey into threat research, key career highlights, and current volunteer work aiding victims of the Pegasus malware. He also offers insights into possible future threats and potential visibility gaps to consider.

Show Notes

• Costin Raiu
• Kaspersky GReAT
• ED011
• RAV AntiVirus
• Red October
• Wild Neutron
• Equation Group
• Lazarus Group
• Noh Theater
• Staying Safe from Pegasus

Join me as I sit down with Pasquale and Bartosz, the organizers of PIVOTcon. In this episode, we'll delve into the fascinating origin story of this groundbreaking conference on Threat Research, which made its debut in May 2024 in the beautiful city of Malaga. Discover the inspiration, challenges, and triumphs, and learn why the art of coffee placement is an important detail to consider at such an extraordinary event.

Show Notes

• Bartosz Jerzman
• Pasquale Stirparo
• PIVOTcon
• PIVOTcon Song

Aleksandar Milenkoski joins us in this Episode to share insights about his recent PIVOTcon talk on previously undisclosed details about several North Korean APT activities.

Show Notes

• Aleks Profile
• PIVOTcon Talk
• Lazarus Group
• ScarCruft | Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals
• PIVOTcon