DISCARDED: Tales From the Threat Research Trenches
DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about threat behaviors and attack patterns. Each episode you’ll hear real-world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more.
Welcome to DISCARDED
From Phishing to Court Cases: How Microsoft Fights Back Against Hackers
Hello to all our Cyber Pals!
Host Selena Larson is joined by Sean Farrell, Assistant General Counsel at Microsoft's Digital Crimes Unit (DCU), to pull back the curtain on how major cyber crime takedowns actually happen and how Microsoft uses civil lawsuits, criminal referrals, and global partnerships to disrupt some of the most damaging cyber crime operations in the world.
They discuss:
What DCU does and Sean's path from FBI to AWS to Microsoft
How civil claims like the...
Diving Into the DBIR: Vulnerabilities, AI, and Supply Chain
Hello to all our Cyber Pals!
Host Selena Larson is joined by guest host Sarah Sabotka as they chat with returning guest: Alex Pinto, Associate Director of Threat Intelligence at Verizon Business, and the architect behind the Verizon Data Breach Investigations Report.
Alex joins hosts Selena Larson and Sarah Sabotka to break down the most important findings from this year's report — and there's a lot to unpack.
From vulnerabilities overtaking credential abuse as the leading initial access vector, to the sobering reality that organizations are patching more but...
"Always Intentional": A CISO's Pragmatic Take on the Agentic Era
What does it actually look like to bring AI into a threat intelligence program at one of the internet's most iconic companies?
Hello to all our Cyber Pals!
Host Selena Larson is joined by guest host, Sarah Sabotka as they chat with Sean Zadig, Chief Information Security Officer (and "Chief Paranoid") at Yahoo, for a candid conversation about the evolving intersection of AI and cybersecurity.
Sean shares how Yahoo's security team, the Paranoids, is navigating the agentic AI transformation...
A Device Code Explosion: The New Era of AI-Enabled Phishing
Hello to all our Cyber Sunbeams!
Host Selena Larson is joined by guest host, Sarah Sabotka as they chat with Jake Gionet to unpack one of the fastest-growing threats in today’s cyber landscape: device code phishing.
What started as a niche technique used in red team exercises has quickly evolved into a widely adopted method for account takeover—fueled by publicly available phishing kits and accelerated by AI-assisted tooling. The trio breaks down how device code phishing works, why it’s suddenly everywhere, and ho...
Champagne with Our Campaigns: A 100th Episode Happy Hour
Hello to all our Cyber Pals, Cyber Centaurs, Cyber Stars, and listeners who have been with us for 100 episodes! It’s our 100th episode—and we’re raising a glass to celebrate. 🥂
Host Selena Larson is joined by long-time guest hosts, Sarah Sabotka and Tim Kromphardt, and honorary host, VP of Proofpoint Threat Research Daniel Blackford, for this commemorative episode of Discarded! We reflect on the journey so far, revisit standout moments, and look ahead to what’s next in cybersecurity.
From unforgettable guests and inside...
Magic Packets & Stealth Backdoors: The Art of Detection Engineering
Hello to all our Cyber Daffodils! Host Selena Larson and guest host, Tim Kromphardt, sit down with Stuart Del Caliz, Senior Threat Detection Engineer at Proofpoint, to unpack the stealthy world of backdoors, malware detection, and the “secret signals” threat actors use to stay hidden.
From magic packets and port knocking to sophisticated backdoors like BPFdoor, Stuart shares how attackers design covert communication methods—and how defenders work to uncover them without overwhelming security teams with noise. The conversation blends deep technical insight with real-world analogies (think speakeasy knocks...
Regional Threats, Global Impact: A TA2725 Case Study
Hello to all our Cyber Pals! Guest host Sarah Sabotka sits down with Senior Threat Researcher Jared Peck to unpack one of the most dynamic and persistent cybercrime groups operating today: TA2725, also known as “Grana.”
From its roots in Latin America to its global reach, TA2725 stands out for its adaptability—and its relentless pursuit of financial gain. Jared shares how the group evolved from a high-volume malware operator into a multifaceted threat actor running phishing, fraud, and malware campaigns simultaneously. The conversation dives into how Grana targets regions like Brazil...
TrustConnect RAT: Inside a Vibe-Coded Malware Ecosystem
Hello to all our Cyber Pals! Host Selena Larson and co-host, Tim Kromphardt, chat with Tommy Madjar, Senior Threat Researcher from Proofpoint, to unpack one of the strangest malware investigations of the year: TrustConnect RAT.
What started as a seemingly legitimate remote management tool quickly unraveled into a bizarre, fast-evolving ecosystem of “vibe-coded” malware. TrustConnect masqueraded as a polished RMM platform—complete with fake testimonials, inflated customer counts, and even an extended validation (EV) code-signing certificate to appear trustworthy. But beneath the surface? Sloppy AI-generated web panels, exposed admini...
AI as a Tool, Not a Replacement: Malware Research in the Age of LLMs
Hello to all our Cyber Pals! Host Selena Larson and co-host, Sarah Sabotka, chat with Kyle Cucci and Dr. Chris Wakelin, Threat Researchers from Proofpoint. They unpack how artificial intelligence is shaping modern malware analysis and detection workflows.
The conversation explores how large language models are already embedded in day-to-day security operations—from accelerating rule creation and tooling development to helping analysts quickly interpret complex malware behavior.
Drawing on real-world examples from the team’s work, the episode highlights both the promise and the l...
Snowball Learning: Getting Real About Cybersecurity Training
Hello to all our Cyber Pals! Host Selena Larson and co-host, Sarah Sabotka, chat with Dr. Bob Hausmann, Lead Cognitive Scientist of Human Risk Management at Proofpoint. They have a timely conversation on whether cybersecurity training actually works and what it takes to make it effective.
They unpack why traditional annual training and phishing simulations often fall short, and how insights from cognitive psychology can help organizations design awareness programs that truly change behavior. Drawing on Dr. Bob’s recent research, the conversation explores just-in-time nudges, microlearning, and ho...
Emerging Threats in 2026: Inside Proofpoint’s Detection Playbook
Hello to all our Cyber Pals! Host Selena Larson and co-host, Tim Kromphardt, chat with Rich Gonzalez, Director of Emerging Threats at Proofpoint, to kick off 2026 with a behind-the-scenes look at how emerging threats are detected, tracked, and turned into real-world protections for defenders.
They explore what it really takes to keep pace with an always-on threat landscape, from rapid response to newly released proof-of-concepts, to why certain vulnerabilities like Log4j continue to dominate attacker activity years later. The conversation also digs into alert fatigue, the...
Operation EndOfYear: New Malware, Popular Tactics, and Where AI Is Taking Us
Hello to all our Cyber Elves! Host Selena Larson chats with Daniel Blackford, Vice President of Threat Research at Proofpoint, for an end-of-year look at how the cyber threat landscape evolved—and what defenders should be preparing for in 2026.
They reflect on how the second half of 2025 brought meaningful shifts in attacker behavior, with familiar techniques becoming more professionalized and new malware emerging alongside identity-focused attacks. The conversation also explores why attribution is getting harder, how law enforcement disruptions are reshaping cybercrime ecosystems, and where AI is genuinely he...
Ho-Ho-Hold Up—Is That Message Real? Bad Santas Are Sending Seasonal Scams
Happy Holidays to all our Cyber Pals!
Host Selena Larson, and co-guest ho-ho-ho hosts, Tim Kromphardt & Sarah Sabotka unwrap the surprising (and sometimes clever) ways cybercriminals use seasonal themes to trick both consumers and enterprises.
From fake party invites and too-good-to-be-true discounts to holiday-flavored malware and RMM delivery, the team breaks down how threat actors capitalize on increased spending, lower vigilance, and year-end business pressure. They share real examples—like “free Christmas tree” scams, fake travel itineraries, smishing campaigns, and even malware hidden behind a Christmas caroling invitation.
You’...
From Toasters to Botnets: Securing Everyday IoT
Hello to all our Cyber Squirrels!
Host Selena Larson, and guest host, Tim Kromphardt sit down with Tony Robinson — Senior Security Research Engineer and “rule magician” from Proofpoint’s Emerging Threats team. Tony shares the story behind IoT Hunter, an open-source tool he created to automate writing detection rules for Internet of Things (IoT) vulnerabilities.
From routers and smart cameras to industrial control systems, Tony breaks down how IoT Hunter helps researchers and defenders cover hundreds of CVEs — from long-forgotten exploits to newly discovered zero-days...
Elect More Hackers: Tech Skills for Real-World Change
Hello to all our Cyber Squirrels! Can hackers make great public servants?
Host Selena Larson, and co-guest hosts, Sarah Sabotka and Tim Kromphardt sit down with Andrew Brandt, Founder and Executive Director of Elect More Hackers — a nonprofit on a mission to get more cybersecurity and tech-minded thinkers into elected office.
Together, they explore how hackers and technologists can bring their problem-solving mindset into civic life — from teaching digital safety at local libraries to advising lawmakers on cyber hygiene, data privacy, and AI policy. Andrew unpacks why infosec professionals are u...
From Web Injects to Info Stealers: How Cybercriminals Stay Ahead
Hello to all our Cyber Sleuths! Host Selena Larson, and guest host, Sarah Sabotka take you behind the scenes of the ever-changing world of cybercrime—where attackers innovate, scams evolve, and staying one step ahead is a constant challenge.
From remote monitoring and management (RMM) abuse to adversary-in-the-middle (AiTM) phishing, web injects, flashy malware lures, and the latest wave of information stealers, we unpack the tactics, techniques, and procedures shaping today’s threat landscape.
We talk about:
Why attackers are leaning on R...
When Being Aware of Cybersecurity Means Knowing You're Human
Hello to all our Pumpkin Spice Cyber Friends! It’s Cybersecurity Awareness Month — and what better way to kick it off than with a deep dive into the human side of cyber threats? In this episode host Selena Larson welcomes back guest and part-time co-host Sarah Sabotka, our “Cybersecurity Awareness Month Queen” and Staff Threat Researcher at Proofpoint. She joins us to break down why social engineering is at the heart of so many attacks.
We take a closer look at how scams and social engineering tactics are growing more sophisticated—and how th...
Hot sauce and hot takes: An Only Malware in the Building special
Welcome in! You’ve entered, Only Malware in the Building — but this time, it’s not just another episode. This is a special edition you won’t want to miss.
For the first time, our hosts are together in-studio — and they’re turning up the heat. Literally. Join Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED, along with N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel, as they take on a fiery hot wings challenge while answering personal questions about themselves, their careers, and the stories that shaped them. Think you’ve seen them tackle malware mysteries before? Wait until you see them swea...
Freighty Cats: RFQ Phishing Comes to A Warehouse Near You
Hello to all our Cyber Stars! In this episode host Selena Larson welcomes back guest and part-time co-host Tim Kromphardt, fresh from DEFCON, to explore the world of request-for-quote (RFQ) fraud—a growing scam targeting small- to medium-sized businesses with fake purchase requests and net financing schemes.
Tim explains how cybercriminals exploit legitimate business practices to steal physical goods like networking tools, surveillance equipment, and medical devices. Using stolen business credentials, fake domains, and freight forwarding services, these scams combine social engineering with real-world theft. He shares firsthand stories of engaging wi...
Direct Send Exploitation & URL Rewrite Attacks: What Security Teams Must Know
Hello to all our Cyber Squirrels! In this extra-packed episode of Discarded, host Selena Larson welcomes Proofpoint Principal Research Engineer Jason Ford for his first appearance on the show. Together, they dive into two resurging email attack techniques—Microsoft 365 Direct Send abuse and URL rewrite abuse—and why defending against them requires more than just traditional email security.
Jason explains what Direct Send is, why attackers exploit this legacy feature, and how it enables phishing campaigns that appear to originate from inside an organization. From...
Phish, Chips & Voldemort: Inside China’s Cyber Targeting of Taiwan
Hello to all our Cyber Panda Bears! In this extra-packed episode of Discarded, host Selena Larson and guest host, Sarah Sabotka reunite with Staff Threat Researcher Mark Kelly to dive deep into China-aligned espionage activity—this time with a focus on Taiwan’s semiconductor ecosystem and the strange, stealthy tools threat actors are using to get in.
Mark walks us through Proofpoint’s latest research on custom malware (yes, “Voldemort” is back), threat clusters with pun-filled names like UNK_SparkyCarp and UNK_DropPitch, and why Taiwan...
Threat Actor Theater: TA2541, TA558, and the Cyber Heist Crew TA582
Hello to all our cyber pals! In this episode of Discarded, host Selena Larson and co-host, Tim Kromphardt, are joined by Joe Wise, Senior Threat Researcher at Proofpoint for a deep dive into the chaotic brilliance of mid-tier eCrime actors—including the elusive TA582.
We explore recent activity from TA2541 and TA558—two groups known for their uncanny consistency and precision targeting—before shifting focus to TA582: a standout in today’s threat landscape. TA582’s multilayered, region-specific lures (think vintage car sales and fake speed...
10 Things I Hate About Attribution: A Clustering Conundrum
Hello to all our cyber detectives and pedantic CTI friends! In this episode of Discarded, host Selena Larson is joined by Greg Lesnewich, Staff Threat Researcher at Proofpoint for a behind-the-scenes look at one of the most frustratingly fascinating attribution cases yet.
What begins as a lighthearted rant: “10 Things I Hate About Attribution,” quickly turns into a deep dive into the murky overlap between TA829 (aka RomCom), TA289, and the elusive GreenSec cluster. From TransferLoader and malware panels to REM proxy infrastructure and attack chain similarities, Greg and Selena dissect the brea...
Comic Sans and Cybercrime: Inside North Korea’s Global Cyber Playbook
Hello to all our Cyber Pals! In this episode of Discarded, host Selena Larson and co-host Sarah Sabotka are joined by Saher Naumaan and Greg Lesnewich, teammates on the espionage threat research team at Proofpoint, to unravel the multifaceted—and often bizarre—world of North Korean cyber operations.
The team explores:
What sets DPRK’s threat actors apart from other nation-state groups
A closer look at North Korea’s cyber and physical support for Russia in Ukraine...
Signatures and Surprises: Inside the Emerging Threats Team
Hello to all our Cyber Masked Vigilantes! In this episode of Discarded, host Selena Larson and co-host Tim Kromphardt are joined by James Emery-Callcott, a Security Researcher on Proofpoint’s Emerging Threats team, for an insider’s look at the technical, tactical, and collaborative forces shaping modern network detection.
James takes us behind the curtain of rule writing, CVE coverage, and malware detection, breaking down how signatures are developed, validated, and deployed to protect against a constantly shifting threat landscape. From the f...
DBIR Deep Dive: Identity, Access, and the Expanding Attack Surface
Hello to all our Cyber Stars! Join host Selena Larson, and guest host, Sarah Sabotka, as they sit down with Alex Pinto, Associate Director of Threat Intelligence at Verizon Business and the lead author behind the industry-defining Verizon Data Breach Investigations Report (DBIR). Together, they unpack the most pressing findings from the brand new VZDBIR, offering a behind-the-scenes look at how the reports are built—and what they reveal about today’s rapidly evolving threat landscape.
Alex shares how the editorial strategy behind the DBIR helps translate raw data from 100+ contributors into...
The ClickFix Convergence: How Threat Actors Blur the Lines
Hello to all our Cyber Spring Chickens! Join host Selena Larson, and guest host, Sarah Sabotka, as they chat with Saher Naumaan, Senior Threat Researcher at Proofpoint, for a deep dive into how modern espionage and cybercrime are increasingly blurring lines.
At the center of the conversation is ClickFix—a fast-evolving social engineering technique originally used by cybercriminals but now adopted by espionage actors across at least three countries in just 90 days.
We explore:
how threat actors are borrowing each other’s tactics, techniques, and procedures (TTPs), creating “muddled...
The Art of the Innocent Ask: How Threat Actors Use Benign Conversations
Hello to all our Cyber Spring Chickens! Join host Selena Larson and guest hosts, Tim Kromphardt and Sarah Sabotka, both Senior Threat Researchers at Proofpoint.
These top sleuths crack open Proofpoint’s new Human Factor series and explore one of the most deceptively dangerous tactics in a threat actor’s playbook: the benign conversation.
What exactly is a benign conversation—and why is it anything but harmless? Whether it’s a simple “Do you have a minute?” or a seemingly legit job offer, these messages are often the opening moves in comp...
Diving Into Cyber Journalism: FOIA, Fraud, and the Fight Against Online Threats
Hello to all our Cyber Cherry Blossoms! Join host Selena Larson and guest host, Tim Kromphardt, a Senior Threat Researcher, as they chat with Andrew Couts, Senior Editor, Security and Investigations at WIRED.
Andrew shares insights into his work overseeing cybersecurity coverage and investigative reporting, collaborating with newsrooms, and uncovering the hidden threats lurking in the digital world.
We dive into how cybersecurity and privacy reporting has evolved, the growing risks posed by data collection and surveillance, and the challenges of informing the public around security experimentation.
W...
RMM Tools: The New Cybercrime Trick?
Hello to all our Remote Cyber Pals! Join host Selena Larson and guest host, Tim Kromphardt, a Senior Threat Researcher, as they chat with Staff Threat Researcher, Ole Villadsen, from Proofpoint. They explore the broader shift from traditional malware to commercially available tools that fly under the radar and how cybercriminals are increasingly abusing Remote Monitoring and Management (RMM) tools (sometimes called Remote Access Software) to gain initial access in email-based attacks.
Topics Covered:
The growing use of tools like ScreenConnect, Atera, and NetSupport in cyberattacks
How threat acto...
Your Best Defense against Social Engineering: The Gray-Matter Firewall
Hello to all our Cyber Pals! Join host Selena Larson and guest hosts, Sarah Sabotka and Tim Kromphardt, both Senior Threat Researchers from Proofpoint, as they dive into the realities of current social engineering schemes —especially during high-risk times like tax season. Cybercriminals exploit fear, urgency, and excitement to manipulate victims, from IRS impersonation scams and fraudulent tax payment requests to deepfake cons and TikTok frauds.
Our hosts dive into real-world examples, including:
tax-themed phishing attacks
tech support scams targeting the elderly
job scams leveraging Taylor Swift’s tour
They explore how...
Hiding in Plain Sight: How Defenders Get Creative with Image Detection
Hello to all our Cyber Pals! Join host Selena Larson and guest host, Sarah Sabotka, as they speak with Kyle Eaton, Senior Security Research Engineer at Proofpoint.
They explore the evolving world of image-based threat detection and the deceptive tactics cybercriminals use to evade defenses. From image lures embedded in emails, PDFs, and Office documents to the surprising ways attackers reuse visuals across campaigns, this conversation breaks down how detection engineering is adapting to counter new threats.
There is also examination of how AI is shaping both cyber deception...
Cyber Groundhog Day and romance scams, featuring Only Malware in the Building
Hey Cyber Pals! This week we are doing a very special spotlight on a recent episode from Only Malware in the Building. Our very own, Selena Larson, also co-hosts on this fabulous podcast.
Be sure to check it out and enjoy!
Find more OMIB: https://thecyberwire.com/podcasts/only-malware-in-the-building/9/notes
------------------------------------------------
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea a...
The Power of Partnerships: An Interview with the NSA’s Kristina Walter
Hello to all our Cyber Magicians! Join host Selena Larson and guest host, Joshua Miller, as they speak with Kristina Walter, the Chief of NSA’s Cybersecurity Collaboration Center. They explore the cutting-edge collaborations between the NSA and industry partners to combat cyber threats, with a deep dive into the NSA’s Cybersecurity Collaboration Center (Triple C).
Kristina sheds light on the growing awareness around cyber hygiene, the importance of collective defense, and the role of partnerships between government and private sectors in tackling malicious activity. She also offers practical advice for those...
The Battle for a Safer Internet: Inside Domain Takedowns and Threat Actor Tactics
Hello to all our Cyber Magicians! Join host Selena Larson and guest host, Tim Kromphardt, as they speak with Hannah Rapetti, the Takedown Services Manager at Proofpoint. Hannah shares her fascinating journey from librarian to cybersecurity expert, detailing her path into the industry through certifications, CTFs (Capture the Flag), and the Women in Cybersecurity (WiCyS) community.
The conversation dives into real-world examples, techniques, and strategies used to identify, track, and eliminate malicious domains.
Key Topics Covered:
Collaborative Efforts: How teams work together to identify scam websites, gather evidence, and escalate for takedown...
Hackers, Heists, and Heroes: The Evolving Ransomware Game
Hello to all our Cyber Pals! Join host Selena Larson and guest Allan Liska, ransomware expert and CSIRT at Recorded Future, who drops by to share his creative take on cyber-themed graphic novels, proving there’s nothing ransomware can’t inspire—even superheroes.
In this episode, we uncover the shadowy ecosystem driving ransomware attacks, from the industrialization of cybercrime to the rise of "small-batch" threat actors redefining chaos. Explore how Operation Endgame dealt a devastating blow to malware powerhouses like Pikabot and SmokeLoader, shaking trust within underground networks and leaving cybercriminals scrambling to regroup.
Stealth, Scale, and Strategy: Exploring China’s Covert Network Tactics
Hello to all our Cyber Frogs! Join host Selena Larson and guest host, Sarah Sabotka, as they explore the evolving tactics of China-based nation-state threat actors with guest Mark Kelly, Staff Threat Researcher at Proofpoint. They focus on TA415 (APT41 or Brass Typhoon), examining its combination of cybercrime and state-sponsored espionage. From the Voldemort malware campaign to targeting critical infrastructure, Mark sheds light on how these actors leverage tools like Google Sheets for command and control, exploit vulnerabilities, and adapt to evade detection.
The discussion also highlights:
the strategic importance of edge devices, pre-positioning...
Scams, Smishing, and Safety Nets: How Emerging Threats Catches Phish
Hello to all our Cyber Pals! Join host Selena Larson and guest Genina Po, Threat Researcher on the Emerging Threats team at Proofpoint. She shares how she tackles emerging cyber threats, breaking down the process of turning data into detection signatures. Using tools like Suricata to create detections for malicious activity, she maps out her approach to writing rules that identify and block these threats.
The goal? Equip companies to stay secure, and encourage listeners with the skills to spot and prevent scams on their own. Genina shares her journey tracking pig butchering scams through...
Pig Butcher Scammers Put Job Seekers On The Menu
A note to our listeners: this episode contains some content our listeners might find upsetting, including mentions of human trafficking.
Hello to all our Pumpkin Spice Cyber Friends! Join host Selena Larson and guest host, Sarah Sabotka, as they chat with senior threat researcher and fraud expert Tim Kromphardt. They talk about the world of pig butchering and crypto romance scams, where Tim discusses how these scams manipulate victims' feelings, making it incredibly hard to escape, even when presented with evidence of the scam. And how these threat actors have expanded their en...
Under Siege: How Hackers Exploit Cloud Vulnerabilities
Hello to all our Cyber Ghosts! Join host Selena Larson as she chats with Eilon Bendet, Cloud Threat Researcher from Proofpoint. From account takeovers to state-sponsored hacks, they uncover how cybercriminals are outsmarting traditional defenses, and why even multi-factor authentication might not be enough to keep them out.
Together, they discuss the complexities of cloud threat detection, including the role of User and Entity Behavior Analytics (UEBA) in identifying suspicious activities and preventing account takeovers (ATO). Eilon breaks down two primary ATO threat vectors—credential-based brute force attacks and precision-targeted phishing campaigns.
Also...