One issue that came from my recent CYBERWARCON talk was an item of focus (or for others, limitation) when approaching the idea of what a “critical infrastructure attack” actually means. While I faced some (really good, topical) questions on my definition of “critical infrastructure”, a more public debate ensued over Read more…
Note: This blog post was significantly revised on 17 November 2019 after initial release on 12 November 2019. The primary alteration is within the second paragraph, noting that the initial event that inspired this blog post – an exchange between a security researcher/responder and a journalist – was much more Read more…
The most frustrating type of bad argument to refute are those which feature or rest upon a kernel of truth. In the worst, most-annoying scenario, one must deal with a counterparty that simply reasserts their position without hesitation resembling the chess-playing pigeon of Internet fame. More worrying still is that Read more…
On 02 November 2019, Brian Batholomew (at the time of this writing, at Kapsersky Lab) posted a very interesting Twitter poll. To summarize (or in case the poll is removed), the question can be simplified as the following: if someone bought leaked data from the Shadow Brokers, would you still Read more…
I recently had a discussion as to whether PSExec, the legitimate Microsoft Sysinternals tool often abused by malicious actors for remote code execution, should be included on a list of indicators related to a recent intrusion event. While my overall opinion of indicators of compromise (IOCs) as they are used Read more…
I previously recorded some thoughts on the new US government strategy in cyber defense known as “defend forward”. Recently, I had the pleasure and opportunity to take part in a Naval War College exercise implicitly testing this strategy’s implementation and execution in the context of civilian critical infrastructure cyber operations. Read more…
I recently had the pleasure to spend time in Krakow, Poland for the CONfidence event, where in addition to enjoying the conference I was fortunate to catch up with old friends. During several discussions with a colleague, we kept returning to NATO’s cyber posture vis a vis potential adversaries and Read more…