On Public Disclosure And Other Items

Kaspersky recently released a new public report on a group they refer to as ‘Slingshot’ (https://securelist.com/apt-slingshot/84312/). Aside from being a fairly complex adversary based on the description, one thing immediately struck me in the first paragraph: “This turned out to be a malicious loader internally named ‘Slingshot’, part of a new, and highly sophisticated attack platform that rivals Project Sauron and Regin in complexity.” For those watching at home, Project Sauron and Regin –

Attribution Confusion

The idea of attribution has been on my mind a lot lately – so much so that I’ll talk to the issue twice in the next couple of months, on both sides of the Atlantic (BSidesCharm and X33Fcon). To recap my position and preview my upcoming presentations: the most practical and useful form of attribution in operational network defense focuses on ‘how’ and not ‘who’. Essentially: defenders are best served by identifying a set of

Learning Lessons from Navy Missile Defense for Infosec Planning

Prior to embarking on a full-time information or network security career, I served as a US Navy Information Warfare Officer (IWO) for five years. While ‘cyber’ took up the majority of my time, I also spent a large amount of time and effort on one of the original IWO reasons for being: anti-ship missile defense (ASMD) through electronic warfare (EW). When it comes to anti-ship missiles, there are multiple layers of defense up to and

Threat Analytics and Activity Groups

Originally Published at Dragos

Computer and network defense has typically focused on ‘indicators of compromise’ (IOCs) to drive investigations and response. Anomaly detection and modeling (e.g., machine learning approaches) are also increasingly used for alerting purposes, but due to the lack of context of adversary activity, they are of limited utility in tracking threats or informing investigations – thus, they will not be discussed in-depth here. Returning to IOCs, while they have value, the name indicates

It’s Dangerous to Go Alone!

I’ve played with blogging platforms and efforts previously, but have done so while in especially ‘non-public’ roles – as a US Navy Officer, as a member of Los Alamos National Laboratory, etc. Now that I’ve embarked on this grand private sector experiment with a subsequent increase in public interaction and appearance, it seems only natural to branch out into deeper discussion than that afforded by Twitter and LinkedIn posts. So, this site exists to present and distill my thoughts on information security, ICS security, and the occasional random strategic thought into something (hopefully) valuable to the wider