Malware Isn't Required—How Ransomware Groups Turn Legitimate RMMs Into a Weapon

Resources: https://linktr.ee/ReliaQuestShadowTalkJoin hosts John and Alex as they discuss:How a Chinese APT maintained access for over a yearWhy North Korean impersonation surged 116%Why attackers exploit the same foundational gapsJohn Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.Alexander Capraro: Alexander Capraro is a Cyber Threat Intelligence Analyst at ReliaQuest with over five years of experience in cybersecurity. With his prior experience as a Security Analyst, he specializes in incident response, malware campaign tracking, and OSINT investigations. 

Resources: https://linktr.ee/ReliaQuestShadowTalkJoin hosts Tehman and John as they discuss:Why ransomware now prioritizes exfiltration over encryption How attackers can exfiltrate your data in just 6 minutesWhy proactive darkweb monitoring is criticalJohn Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of my career leading our Incident Response, Security Architecture, and Detection teams. As well has working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.

Resources: https://linktr.ee/ReliaQuestShadowTalkJoin hosts Brandon and John as they discuss:How attacker breakout times dropped to as little as 4 minutes Why ClickFix surged 200%Why behavioral detection is criticalJohn Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.Brandon Tirado: Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.

Resources: https://linktr.ee/ReliaQuestShadowTalkJoin hosts John and Tehman as they discuss:What attackers prefer over custom malwareHow signature-based detection failsProactive governance vs. reactive triageJohn Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of my career leading our Incident Response, Security Architecture, and Detection teams. As well has working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.

Resources: https://linktr.ee/ReliaQuestShadowTalkJoin hosts Brandon and John as they discuss:Why extortion payment rates are the lowest everOrganizations paying ransomware but refusing data extortion demandsWhy defenders need both visibility and speedJohn Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.Brandon Tirado: Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.

Resources: https://linktr.ee/ReliaQuestShadowTalkJoin hosts Brandon and John as they discuss:Why traditional patch cycles can't beat attackers exploiting vulnerabilities in 24 hoursThe shift from reactive patching to predictive intelligence using EPSS and CISA KEVHow to defend against zero-days when patching isn't an optionJohn Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.Brandon Tirado: Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.

Resources: https://linktr.ee/ReliaQuestShadowTalkJoin hosts John and Tehman as they discuss:Why phishing emails are no longer the top malware delivery methodEmerging social engineering tactics: vishing, copy and paste abuse, and software impersonationHow campaigns have evolved from Black Basta to ShinyHuntersJohn Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of my career leading our Incident Response, Security Architecture, and Detection teams. As well has working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.

Resources: https://linktr.ee/ReliaQuestShadowTalkJohn and Tehman as they discuss:How AI is enabling large-scale, high-speed attacksNation-states weaponizing AI for attack automationThe rise of sophisticated AI-generated malwareJohn Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of my career leading our Incident Response, Security Architecture, and Detection teams. As well has working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.

Resources: https://linktr.ee/ReliaQuestShadowTalkJoin hosts Brandon and John as they discuss:How supply-chain attacks evolvedCampaigns targeting NPM package maintainersActionable defense strategiesBrandon Tirado: Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Resources: https://linktr.ee/ReliaQuestShadowTalkJoin hosts Brandon and Tehman as they discuss:The resurgence of LockBit 5.0 and its December 2025 surge in named organizationsHow top ransomware groups like Qilin, Akira, and Clop dominated in 2025.Actionable defense strategies for organizations to proactively combat ransomware in 2026Brandon Tirado: Director of Threat Research for ReliaQuest. Brandon is a skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of my career leading our Incident Response, Security Architecture, and Detection teams. As well has working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.