Secure AF - A Cybersecurity Podcast
Think like a hacker. Defend like a pro.
Welcome to the Secure AF Cybersecurity Podcast — your tactical edge in the ever-evolving cyber battlefield. Hosted by industry veterans including Donovan Farrow and Jonathan Kimmitt, this podcast dives deep into real-world infosec challenges, red team tactics, blue team strategies, and the latest tools shaping the cybersecurity landscape.
Whether you're a seasoned pentester, a SOC analyst, or just breaking into the field, you'll find actionable insights, expert interviews, and unfiltered discussions with Alias team members and top-tier guests from across the cybersecurity spectrum.
Stay sharp. Stay informed. Stay Secure AF.
Episodes
121 episodes
U.S.-Venezuela Tensions: Cyber Risks for American SOCs
In this episode of the #SOCBrief, we dig into how world events can trigger cyber fallout that lands directly on the desks of security teams. From ransomware crews capitalizing on instability to hacktivists launching DDoS attacks and opportunist...
•
6:32
When People Think They’ve Been Hacked
📱 This #SecureAF episode covers the everyday questions and concerns people have when they think something unusual is happening with their devices or accounts. Hickman and Peters talk through typical scenarios, common misunderstandings, and the ...
•
39:45
FortiWeb Zero-Day: Silent Patch and Firewall Wake-Up Call 🔥
This week’s #SOCBrief dives into the FortiWeb zero-day that’s letting attackers create admin accounts with a single unauthenticated HTTP request. With exploitation spiking and Fortinet pushing out a quiet fix, SOC teams are under pressure to lo...
•
6:36
The Halls: 2025 Hacker Gift Guide 🎁💻
We’re back with the Hacker Holiday Gift Guide, and this year’s lineup is stacked with RF gadgets, Wi-Fi tools, red-team essentials, and quirky cyber gifts Tanner swears by. Whether you’re shopping for a pentester, a tinkerer, or someone ...
•
Episode 96
•
26:17
Patch Tuesday: Zero-Day Alert and Patching Must-Dos ✅
A new zero-day. 63 flaws. Endless patching chaos. This week’s #SOCBrief breaks down Microsoft’s November Patch Tuesday and what it means for your SOC. We’ll cover the top critical CVEs, patching priorities, and how to keep your systems r...
•
7:11
⚠️ Insider Threats ⚠️: Ransomware Negotiators Gone Rogue
This week, we’re digging into a case where ransomware negotiators allegedly became the attackers themselves, leveraging insider access to hit organizations they were supposed to help. This one raises real questions about trust, vendor ...
•
6:12
The Art Of The Con (Cyber Edition) 🔐
In this episode, we break down the real mechanics of social engineering, from phishing emails and text scams to vishing calls and full-on physical pen tests. We share stories from the field, including how attackers build trust, why confidence i...
•
Episode 95
•
46:44
Atroposia RAT: The Malware That Scans for Its Own Exploits
🎙️ A new threat is making waves ... Atroposia RAT, a remote access trojan that doesn’t just infiltrate systems but scans them for vulnerabilities to exploit further. In this episode, we break down how this modular malware operat...
•
6:11
CAPTCHA Con: Hackers' Evolving ClickFix Malware Trap
“I’m not a robot.” 🤖 Hackers are exploiting fake “I’m not a robot” CAPTCHA pages to deliver malware. Host Andrew Hickman breaks down how this ClickFix attack uses social engineering to steal data and evade detection...
•
7:50
RondoDox Botnet Expansion: The Shotgun Approach to IoT Exploitation
This week on the #SOCBrief, Andrew breaks down RondoDox, a rapidly growing botnet campaign taking aim at routers, DVRs, and IoT devices worldwide. With over 50 vulnerabilities across 30+ vendors, this “shotgun” exploitati...
•
7:19
Obscura Ransomware: Unmasking a Stealthy New Threat ⚠️
In this week’s #SOCBrief, Hickman and Peters break down Obscura ... a new ransomware variant making waves with aggressive evasion tactics, process terminations, and domain controller targeting. We cover what’s known so far, the ri...
•
12:25
🛡️ Pen Test Potential: How Organizations Are Missing Out on Fortifying the SOC 🛡️
What’s the real difference between a penetration test and a red team engagement, and how can each benefit your SOC? In this episode, Andrew is joined by Tanner to unpack how pentests uncover vulnerabilities, how red teams stress-...
•
20:08
2025 SECCON Debrief
This week on #SecureAFPodcast, we’re recapping #SECCON 2025. From the keynote to the villages and everything in between, join us for a look back at the highlights, takeaways, and community moments that made this year’s conference our bes...
•
25:33
🚨 Ransomware Rising: Variants, Tactics, and Defenses in 2025 🚨
Ransomware is evolving faster than ever, from double extortion tactics to lightning-fast attack chains. In this episode, we break down how these threats work, why every organization is a target, and the layered defenses SOCs can use to detect a...
•
7:29
💢 FileFix Fiasco 💢 Steganography's Stealthy StealC Drop
In this episode of The #SOCBrief, we break down the rising FileFix attack, a new social engineering technique using steganography to deliver info-stealing malware. Learn how attackers disguise malicious PowerShell commands, the ...
•
5:53
Monitoring the Dark Web for Leaked Data in DFIR
🔎 This episode of The #SOCBrief dives into the world of dark web monitoring in digital forensics and incident response. Learn why leaked credentials are a top threat, how to safely detect exposures, and what steps SOC teams can take to s...
•
6:28
Mastering Incident Response: Essential for SOC Success
💡 This week on The SOC Brief, we’re breaking down incident response (IR) ... why it’s essential, how to build a strong plan, and what SOC teams can do to turn chaos into control. From preparation and containment to recovery and le...
•
8:41
DEF CON 33 Debrief
Fresh off the chaos of DEF CON 33, Tanner, Hickman, and Will break down the four-day hacker conference, from the eye-opening hacker villages and mind-bending talks to Hickman’s clutch CTF victory and Will’s bold dive into the Social Engi...
•
48:45
⚠️ Crypto24 ⚠️ Ransomware: Bypassing EDR and Bolstering Defenses
In this episode, we break down the emerging Crypto24 ransomware attacks that use living-off-the-land techniques to bypass EDR. We’ll explore how these attacks unfold and the defensive strategies SOCs and organizations can use, like layer...
•
8:22
🚨 Gone Vishing: The Recent Surge of Vishing Attacks
This week, we’re unpacking the phishing wave hitting SaaS platforms ... from social engineering to OAuth abuse and AI voice spoofing. Learn why people remain the #1 attack vector and how to stay one step ahead.
•
10:50
🚨 SonicWall Firewall Ransomware Breakdown
On this episode of the #SOCBrief, we break down attacks on SonicWall firewalls. A wave of ransomware, possibly exploiting zero-day vulnerabilities, is compromising even fully patched systems. Learn how SOCs can respond fast and stay ahead.
•
9:19
Spilling the Tea: What Happens When Apps Launch Without Locking Down Security ☕
This week’s SOC Brief unpacks how a misconfigured cloud bucket exposed 72,000+ user images from the Tea app, complete with geolocation metadata and real IDs. From national security risks to doxxing fallout, we break down what went wrong and wha...
•
13:23
🚨⚠️ A Critical ZERO-DAY (CVE-2025-53770)
A critical zero-day (CVE-2025-53770) is actively targeting on-premises SharePoint servers AND it’s already been used to compromise over 100 organizations. In this #SOCBrief, Andrew and Tanner break down how the exploit works and what steps your...
•
17:54