The School of Athens is one of the most famous images of Renaissance painting, blending Classical historicism with an increasing appreciation for the intellectual history passed down from Greece to the Western world. The figures at the center of this image represent divergent views in how we reason about and Read more
Patrick Howell O’Neill and Chris Bing recently dropped a very interesting report on yet another possible action against Kaspersky by the US government. In this specific case, possible sanctions are oriented around larger actions against Russia, home of Kaspersky, but stands as yet another public blow to the security company Read more
This year I facilitated a discussion – formally, a ‘Peer-to-Peer Session’ – at RSA focused on threat profiling. The concept of ‘threat profiling’ is usually new to infosec practitioners, who are typically used to ‘threat intelligence’, ‘risk management’, and similar terms. Threat profiling as a concept and practice refers to Read more
RSAC Week is upon us, and with it will come a flurry of social media postings emphasizing the lack of value behind the event. Common criticisms include: an overwhelming focus on marketing, a lack of compelling technical content, and overemphasis on glitz. One could describe the event as a gigantic Read more
The information security community is fundamentally no different from any other industry. Whenever a certain feature, concept, or buzzword bubbles to the top of the underlying conversational froth, entities (trying to make money) will attempt to appropriate this idea in some fashion to show that their product ‘fits’ the current Read more
Kaspersky recently released a new public report on a group they refer to as ‘Slingshot’ (https://securelist.com/apt-slingshot/84312/). Aside from being a fairly complex adversary based on the description, one thing immediately struck me in the first paragraph: “This turned out to be a malicious loader internally named ‘Slingshot’, part of a Read more
The idea of attribution has been on my mind a lot lately – so much so that I’ll talk to the issue twice in the next couple of months, on both sides of the Atlantic (BSidesCharm and X33Fcon). To recap my position and preview my upcoming presentations: the most practical Read more
Prior to embarking on a full-time information or network security career, I served as a US Navy Information Warfare Officer (IWO) for five years. While ‘cyber’ took up the majority of my time, I also spent a large amount of time and effort on one of the original IWO reasons Read more
Originally Published at Dragos Computer and network defense has typically focused on ‘indicators of compromise’ (IOCs) to drive investigations and response. Anomaly detection and modeling (e.g., machine learning approaches) are also increasingly used for alerting purposes, but due to the lack of context of adversary activity, they are of limited utility Read more