The Art and Science of Threat Profiling

This year I facilitated a discussion – formally, a ‘Peer-to-Peer Session’ – at RSA focused on threat profiling. The concept of ‘threat profiling’ is usually new to infosec practitioners, who are typically used to ‘threat intelligence’, ‘risk management’, and similar terms. Threat profiling as a concept and practice refers to Read more…

Thoughts on RSAC and Conferences

RSAC Week is upon us, and with it will come a flurry of social media postings emphasizing the lack of value behind the event. Common criticisms include: an overwhelming focus on marketing, a lack of compelling technical content, and overemphasis on glitz. One could describe the event as a gigantic Read more…

On Threat Hunting

The information security community is fundamentally no different from any other industry. Whenever a certain feature, concept, or buzzword bubbles to the top of the underlying conversational froth, entities (trying to make money) will attempt to appropriate this idea in some fashion to show that their product ‘fits’ the current Read more…

On Public Disclosure And Other Items

Kaspersky recently released a new public report on a group they refer to as ‘Slingshot’ (https://securelist.com/apt-slingshot/84312/). Aside from being a fairly complex adversary based on the description, one thing immediately struck me in the first paragraph: “This turned out to be a malicious loader internally named ‘Slingshot’, part of a Read more…

Attribution Confusion

The idea of attribution has been on my mind a lot lately – so much so that I’ll talk to the issue twice in the next couple of months, on both sides of the Atlantic (BSidesCharm and X33Fcon). To recap my position and preview my upcoming presentations: the most practical Read more…

Threat Analytics and Activity Groups

Originally published at Dragos.

Computer and network defense has typically focused on ‘indicators of compromise’ (IOCs) to drive investigations and response. Anomaly detection and modeling (e.g., machine learning approaches) are also increasingly used for alerting purposes, but due to the lack of context of adversary activity, they are of limited utility Read more…