Autonomous IT, Live! Inside the Breach — Identity Hijack Response Exercise, E04
Download MP3In this special live episode of Autonomous IT, Live! we walk through a high-stakes incident response drill that mimics a disturbingly realistic threat scenario: an attacker gains access to your internal tools — not by breaking in, but by logging in.
Here's the setup: a user unknowingly reuses compromised credentials with the company’s SSO provider. An attacker logs in, flies under the radar, and impersonates internal IT support using Slack, email, and calendar invites. Their goal? Convince employees to install a fake remote access tool—all while avoiding anyone likely to report suspicious behavior.
Join Landon Miles, Tom Bowyer, and Ryan Braunstein as they:
- 🔍 Investigate a suspicious login and Slack impersonation
- 🔐 Contain and remediate the breach using real-world tactics and tools
- 📉 Discuss phishing-resistant MFA, endpoint visibility, Slack impersonation risks, and more
- 🧠 Share tips on improving security awareness, incident playbooks, and interdepartmental collaboration
- 💬 Answer live audience questions about malware analysis, EDR response, and building detection rules
Whether you’re a security veteran or just starting out in IT, this episode offers an unfiltered look at how to respond when credentials are compromised and attackers act like insiders.
📎 Bonus: We also include a downloadable Incident Response Checklist to help your team run your own tabletop exercise.
🛡️ Because in today’s world, attackers don’t need to break in—they just need to log in.
Creators and Guests
Host
Landon Miles
Landon Miles is the host of the Hands-On IT podcast. Landon’s profound passion for technology isn't just evident in his voice, it’s apparent in how he breaks down cutting-edge tech trends, formats user-friendly tutorials, and gets into the weeds of the complexities of IT technologies. His approach makes the Hands-On IT podcast an essential resource for both seasoned IT pros and those new to the field, looking to enrich their tech experience. With a background that spans various facets of technology, Landon brings a wealth of knowledge and practical insights to each episode.
Host
Ryan Braunstein
Ryan Braunstein is the host of Patch [FIX] Tuesday and the Security Manager at Automox, boasting over a decade of experience in cybersecurity. With a strong technical background and a people-first attitude, Ryan excels at demystifying complex security challenges—from automating AWS environments to developing and implementing security tools. His collaborative approach and proactive mindset make him a trusted resource for IT professionals navigating the complexities of cybersecurity.
Host
Tom Bowyer
Tom Bowyer is a cybersecurity sentinel, guiding listeners through the digital wilderness with wisdom gleaned from the frontlines of security program development. As the Director of Security at Automox, his expertise spans secure software development, vulnerability management, and more, making him a lighthouse for those navigating the stormy seas of cybersecurity threats. On the Patch [Fix] Tuesday podcast, Tom shares invaluable insights, mitigation strategies, and the latest in custom automations for CVE remediations. His dedication to modern, effective security solutions makes him a pillar of trust and knowledge in the cybersecurity community.
