Send us a text Voice AI is moving fast — but so are the attackers. In this episode of the Traffic Light Protocol Podcast, Clint and Myles break down how scammers are exploiting Voice AI platforms with the same tricks that wrecked email and telecom decades ago: Premium-rate fraud dressed up in AI clothingBot-driven spam that floods calendars and burns ops teamsConsent loopholes where “user input” becomes an attacker’s best weaponThis isn’t FUD. It’s happening right now, and the industry risks ...
Send us a text In this episode of Traffic Light Protocol, we kick off our AI series with a hard look at how voice AI agents are being targeted; and how fast small businesses and startups can rack up serious bills overnight. Guest Myles Agnew returns to unpack how old-school telecom tricks are being repurposed in the age of SIP/VoIP and AI: caller ID spoofing, open SIP trunks, and automated call loops that tie up your agents and quietly burn cash. We break down how easy it is to spin up a low-...
Send us a text Unlock the secrets behind digital forensic investigations into AI chat platforms like ChatGPT, Claude, and Google's Gemini in this insightful episode. Learn the precise methods for discovering, extracting, and interpreting digital evidence across Windows, Mac, and Linux environments, whether it's browser caches, memory forensics, network logs, or cloud-based data exports. From identifying subtle signs of malicious AI usage and attempts to evade security controls, to piecing tog...
Send us a text Link to IRCO- Incident Response Copilot on Chat GPT https://chatgpt.com/g/g-68033ce1b26481919b26df0737241bac-irco-incident-response-co-pilot In this episode of TLP: The Digital Forensics Podcast, Clint dives deep into IRCO (a custom GPT designed specifically for DFIR and SOC analysts). From real-world cyber incidents to post-incident reporting and CTF training, IRCO acts like your AI-powered colleague: fast, focused, and built for real investigations or even CTF's. Learn ...
Send us a text Drawing inspiration from observing military special forces and over five years of hands-on DFIR experience, Clint explores the mindset, habits, and tactical processes that set top-performing IR teams apart. Clint Marsden explores the mindset, habits, and tactical processes that set top-performing IR teams apart. From threat intelligence workflows and detection-first thinking to deep forensic analysis and clear executive reporting, this episode is packed with real-world lessons,...
Send us a text Clint Marsden breaks down a critical cybersecurity report from intelligence agencies including the CSA, NSA, and FBI about the growing threat of AI data poisoning. Learn how malicious actors can hijack AI systems for as little as $60, turning machine learning models against their intended purpose by corrupting training data. Clint explains the technical concept of data poisoning in accessible terms, comparing it to teaching a child the wrong labels for objects. He walks through...
Send us a text This episode features the complete narration of my ebook: Mastering Sysmon – Deploying, Configuring, and Tuning in 10 Easy Steps, providing a step-by-step guide to getting Sysmon up and running for better threat detection and incident response. If you’re in security operations, digital forensics, or incident response, this episode will help you: Deploy Sysmon efficiently.Tune Sysmon logs for maximum insight while reducing noise.Use Sysmon for investigations—from process creatio...
Send us a text So You Want to Build Your Own DFIR CTF? Ever wanted to build your own Digital Forensics and Incident Response (DFIR) Capture the Flag (CTF) challenge but weren’t sure where to start? In this episode of Traffic Light Protocol, we share the how-to of CTF builders, making it easy for anyone—no pentesting skills required! Today's episode includes: Choosing Your CTF Theme – Using MITRE ATT&CK and APT tracking to craft a realistic attack scenario.Setting Up the Lab – S...
Send us a text Kicking off 2025, we're getting back to basics with something every cyber investigator needs to master—starting an investigation the right way. Too often, investigations get derailed because the right questions weren’t asked at the outset, evidence wasn’t properly handled, or reporting lacked clarity. In this episode, we cover how to build an investigation plan that keeps you on track, ensures consistency, and leads to better results. We talk about evidence volatility, log rete...
Send us a text Key Takeaways: Introduction to Hayabusa: Hayabusa is an open-source Windows Event Log Analysis Tool used for processing EVTX logs to detect suspicious activities in Windows environments.Critical Alerts Detection: The tool is capable of detecting a variety of suspicious activities, including WannaCry ransomware and unauthorized Active Directory replication.Efficient Incident Response: Hayabusa is ideal for incident response workflows, enabling teams to quickly triage and analyze...
Send us a text In this episode of Traffic Light Protocol, Clint Marsden is joined by Jonathan Thompson, a developer and AI enthusiast currently studying at Macquarie University. Together, they dive into how artificial intelligence (AI) is transforming the cybersecurity landscape and discuss Jon’s insights into AI’s potential applications in digital forensics, incident response, and everyday IT operations. The conversation touches on ethical considerations, potential job impacts, and how A...
Send us a text Episode 13 is another giant episode with a focus on what its like be in the mud working on real life forensic investigations. Jacob and Clint talk about ELK EDR, using Sysmon. Sandbox Environments: Jacob discusses the creation of a sandbox environment using an ELK stack combined with Sysmon, enabling in-depth malware analysis by capturing and analyzing detailed system activity. Automation in Investigations: Jacob emphasizes the importance of automating repetitive tasks, such a...
Send us a text In this episode of Traffic Light Protocol, we sit down with Myles, a cybersecurity veteran with over 15 years of Cyber experience and background as a Combat Engineer in the Army. Myles brings his unique perspective on integrating automation and cloud technologies into cybersecurity infrastructure deployment (Used specifically when deploying Velciraptor- an advanced open-source endpoint monitoring, digital forensic and cyber response platform). We delve into his journey ...
Send us a text Quotes: "Phishing targets the human element, the 'wetware,' often the weakest link in any security chain." - Clint Marsden "Phishing isn't just about poorly spelled emails anymore; it's about sophisticated campaigns that even cyber-aware individuals can fall victim to." - Clint Marsden "Effective defense against phishing involves not just technology but ongoing education and a culture of security awareness." - Clint Marsden Key Takeaways: Phishing attacks continue to ...
Send us a text Episode Title: "Unmasking APT40: Tactics, Challenges, and Defense Strategies" Key Takeaways: APT40 is a sophisticated Chinese state-sponsored cyber espionage group active since 2009. They target various sectors including academia, aerospace, defense, healthcare, and maritime industries. APT40 uses advanced tactics such as spear phishing, watering hole attacks, and living off the land binaries (LOLBINS). Digital forensics faces challenges in detecting APT40 due to their use of ...
Send us a text In this episode, Clint Marsden goes straight into 4 practical strategies that enable better forensics and stop data exfiltration, no matter the size of your budget. Clint covers deploying Sysmon for enhanced monitoring, and using Group Policy to tighten print and USB security. Event log cleared: Event ID 1102 ACSC Sysmon: https://github.com/AustralianCyberSecurityCentre/windows_event_logging Swift on security Sysmon: https://github.com/SwiftOnSecurity/sysmon-config Print...
Send us a text In todays episode of TLP - Traffic Light Protocol, Clint Marsden talks about Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures. Key Takeaways Understanding Scattered Spider: Scattered Spider, also known as Roasted Octopus or Octo Tempest, utilizes various legitimate tools for malicious purposes. Common Tools and Techniques: They employ tools for reconnaissance (PingCastle, ADRecon), credential dumping (Mimikatz, Lazagne),...
Send us a text In this episode, we speak with Phil Ngo, a Primary Investigator in Accenture's global cyber response team. As a primary investigator, he is responsible for helping clients recover from major incidents as well as delivering proactive cyber services, such as threat hunting and tabletop exercises. Philip started his career as a high school teacher, before moving into IT support and eventually into cyber security six years ago. Philip has a worked across multiple indus...
Send us a text Show Notes: Episode on Containment, Eradication, and Recovery In this episode of Traffic Light Protocol, Clint Marsden explores the containment, eradication, and recovery phases of the NIST SP 800-61 framework for computer security incident handling. Key Topics Covered: Containment Strategies: Choosing appropriate containment methods based on the incident type, potential damage, service availability, and evidence preservation. Examples include power disconnect...
Send us a text In this conclusion of the Detection phase, Clint wraps up Incident Prioritisation. This includes Functional impacts of the incident, information impact of the incident and the recoverability of the incident. Not all of these are needed, or relevant when tracking your incident and Clint explains when to categorise incidents using these factors. To finish off, Clint discusses incident notification - Who are the stakeholders that need to be informed and included in your incident...