Episode 5: Andrew Morris

Andrew Morris joins us to talk about smuggling submarines, scanning the internet, threat intelligence, and more!

Episode Guide:

1:30 - Introduction

5:26 - History of the Development of Get-InjectedThread

22:05 - Who is Andrew Morris?

26:45 - What is GreyNoise Intelligence?

33:20 - Understanding the analysis burden of an alert

36:55 - Scoping detection goals

47:40 - The danger of prematurely filtering telemetry

53:33 - Approaching detections considering False Positives AND False Negatives

57:50 - Managing telemetry storage ("disk" vs. "memory")

1:05:05 - How survivorship bias might affect our perspective of attacks/attackers

1:13:45 - Is knowledge a burden in detection and response?
