As of this writing (late December 2019), an argument has continued through multiple social media formats on the value (or harm) created by “offensive security tools” (OSTs). As with most discussions taking place online, the discourse – rooted in an originating, absolutist blog post – has rapidly devolved into rival Read more
I recently watched a documentary about the Supermarine Spitfire – Spitfire: The Plane that Saved the World – one of the iconic airframes not only of the Second World War, but of military aviation from its start to the present. In addition to the documentary’s interviews with surviving Spitfire pilots Read more
Note: This post will refer and link to allegedly classified programs leaked by Edward Snowden, and potentially others, in the past several years. If accessing this article from certain networks, readers are strongly advised to preview links before following them due to the possibility that such an action may be Read more
One issue that came from my recent CYBERWARCON talk was an item of focus (or for others, limitation) when approaching the idea of what a “critical infrastructure attack” actually means. While I faced some (really good, topical) questions on my definition of “critical infrastructure”, a more public debate ensued over Read more
The most frustrating type of bad argument to refute are those which feature or rest upon a kernel of truth. In the worst, most-annoying scenario, one must deal with a counterparty that simply reasserts their position without hesitation resembling the chess-playing pigeon of Internet fame. More worrying still is that Read more
On 02 November 2019, Brian Batholomew (at the time of this writing, at Kapsersky Lab) posted a very interesting Twitter poll. To summarize (or in case the poll is removed), the question can be simplified as the following: if someone bought leaked data from the Shadow Brokers, would you still Read more
I recently had a discussion as to whether PSExec, the legitimate Microsoft Sysinternals tool often abused by malicious actors for remote code execution, should be included on a list of indicators related to a recent intrusion event. While my overall opinion of indicators of compromise (IOCs) as they are used Read more
I am writing this only a few days removed from Black Hat 2019 and Def Con 27, where both events featured a number of presentations on critical infrastructure or industrial control system (ICS) threats – but with a continuing lack of scope (or imagination) for the threat landscape. While identifying Read more
I previously recorded some thoughts on the new US government strategy in cyber defense known as “defend forward”. Recently, I had the pleasure and opportunity to take part in a Naval War College exercise implicitly testing this strategy’s implementation and execution in the context of civilian critical infrastructure cyber operations. Read more
I recently had the pleasure to spend time in Krakow, Poland for the CONfidence event, where in addition to enjoying the conference I was fortunate to catch up with old friends. During several discussions with a colleague, we kept returning to NATO’s cyber posture vis a vis potential adversaries and Read more