Falling in love with NSM again
When I started in cybersecurity, most web traffic wasn’t encrypted, which meant Firewalls and Network Intrusion Detection Systems played a critical role in detecting malicious activity. Endpoint visibility was limited—most organizations still relied on traditional Anti-Virus
UFOs and Mobile Malware - How Retaliation Against a Source Led Me to iVerify
For the past year and a half, I’ve been on one of the wildest adventures of my life, writing a book on UFOs and UAP. It has taken me through a painstaking process of finding and connecting with people who may hold valuable information for my work.
The Power of Proactive Cybersecurity with Domain and TLS Monitoring
It is often mistakenly believed that defenders cannot gain visibility into the early stages of the Cyber Kill Chain before the delivery phase.
A Five Year Retrospective on Detection as Code
Five years ago, I co-authored the first public paper on the concept of Detection as Code. While having some technical peers review this paper, we found that a few more advanced security programs were already utilizing this sort of method, just not publicly talking about it.
Detecting RegreSSHion - CVE-2024-6387 a Guide
Recently, the killer vulnerability research team at Qualys discovered a Remote Code Execution (RCE) vulnerability in OpenSSH that exploits a race condition within SSH. This vulnerability is particularly concerning because SSH is commonly exposed to the internet for remote system management.
Commonly Abused Linux Initial Access Techniques and Detection Strategies
The volume and quality of Threat Intelligence for Linux attacks have traditionally lagged behind that for Windows, despite Linux's significant cloud presence. Most reports have focused on reverse engineering Linux-based malware and attack tools.
A Deep Dive into Linux Ransomware Research
Over the past few weeks, I have done a deep dive into the public research available on Linux Ransomware, seeking to understand the broader landscape as there is an over emphasis on the Mirai botnet. I discovered that although there is an abundance of *outstanding* whitepapers and research pieces,
An Introduction to Adversary Emulation Platforms and their Use Cases w/ MITRE's Caldera
Have you heard of Adversary Emulation platforms, but aren't really sure what they are or how they work? Or perhaps think they are security tools reserved for only the most advanced teams with huge budgets? Let's take a look at what an Adversary Emulation platform is, go over some sample
Operationalizing Mitre's ATT&CK Framework
An introduction to the Mitre ATT&CK framework, the Mitre ATT&CK Navigator, and some example processes to get you started.
