Kaspersky recently released a new public report on a group they refer to as ‘Slingshot’ (https://securelist.com/apt-slingshot/84312/). Aside from being a fairly complex adversary based on the description, one thing immediately struck me in the first paragraph: “This turned out to be a malicious loader internally named ‘Slingshot’, part of a Read more
The idea of attribution has been on my mind a lot lately – so much so that I’ll talk to the issue twice in the next couple of months, on both sides of the Atlantic (BSidesCharm and X33Fcon). To recap my position and preview my upcoming presentations: the most practical Read more
Prior to embarking on a full-time information or network security career, I served as a US Navy Information Warfare Officer (IWO) for five years. While ‘cyber’ took up the majority of my time, I also spent a large amount of time and effort on one of the original IWO reasons Read more
Originally Published at Dragos Computer and network defense has typically focused on ‘indicators of compromise’ (IOCs) to drive investigations and response. Anomaly detection and modeling (e.g., machine learning approaches) are also increasingly used for alerting purposes, but due to the lack of context of adversary activity, they are of limited utility Read more
I’ve played with blogging platforms and efforts previously, but have done so while in especially ‘non-public’ roles – as a US Navy Officer, as a member of Los Alamos National Laboratory, etc. Now that I’ve embarked on this grand private sector experiment with a subsequent increase in public interaction and Read more