Breaking Badness

In this episode, DomainTools' Daniel Schwalbe is joined by Renee Burton (Infoblox), Raymond Dijkxhoorn (Surbl), and Peter Lowe (FIRST.org) to unpack the inaugural DomainTools Intelligence Report and what it reveals about DNS-based threats in 2024. The panel digs into evolving detection challenges, the pitfalls of domain scoring, the growing complexity of threat actor behavior, and why industry collaboration continues to lag.

They explore topics like aging domains, TLD abuse, data sharing barriers, and the creative lengths bad actors go to avoid detection. Whether you're building threat intel tools or blocking domains at the edge, this conversation is a must-listen for anyone in DNS-based security.

In this episode of Breaking Badness, Kali Fencl sits down with Audra Streetman, a former journalist turned threat intelligence analyst at Splunk. Audra shares her journey from local newsrooms to the frontlines of cybersecurity, detailing how her storytelling skills translate directly into threat research.

Audra walks us through how ransomware attacks like JBS Foods and the Excellion breach sparked her pivot into cyber. She dives deep into persistent threat tactics, such as file transfer appliance exploitation, the growing risk of cloud infrastructure attacks, and North Korean IT worker scams.

If you're a cybersecurity professional, a curious career switcher, or someone looking to stay ahead of threat actor trends, this episode delivers real insight with practical relevance.

Exposing Your Attack Surface on Purpose: API Chaos, AI Risk, and Quantum Reality by DomainTools

In this RSA Conference 2025 special episode, we dive into the evolving world of cyber
attribution, AI-powered threat tactics, and real-world incident response in AWS and GCP
environments.

Our guests include:
● Tal Darsan and Etay Maor from Cato Networks, discussing stealthy attacker techniques,
AI-powered evasion, and lessons from ransomware groups like Medusa, Play, and
Hunters International.

● Yonaten Khen from Hunters, who walks us through how his team discovered a privilege
escalation vulnerability in Google Workspace and what it reveals about modern cloud
attacks.

In this RSA Conference 2025 special episode, we explore two critical frontiers shaping the
future of cybersecurity.

First, Jon DiMaggio (Author of The Ransomware Diaries, Analyst1) breaks down the hidden
supply chains behind ransomware gangs, including the economics of affiliate betrayal and the
challenge of accurate attribution. He walks us through his methodology for identifying
ransomware rebrands like BlackCat and RansomHub using evidence-based frameworks
designed to eliminate human bias.

Then we’re joined by Matt Radolec (VP of Incident Response at Varonis), who brings a fresh
perspective on talent development in cybersecurity. Drawing from his keynote "From Gamer to
Leader", Matt argues that gamers possess untapped potential as cybersecurity professionals
and it’s time to design leadership pipelines like quest lines.

From ransomware negotiations on underground forums to using AI-enhanced playbooks and
transforming threat response teams into RPG-style guilds, this episode blends technical insight
with cultural reflection.