The Crash Override Chronicles: Overall
Source: Public Domain Pictures In the first post of the CRASH OVERRIDE Chronicles I outlined my plan for reviewing Dragos’ CRASHOVERRIDE report i…
Multi-part analysis series examining the Crash Override attack on Ukrainian electrical infrastructure using the Diamond Model framework.
The APT hype cycle: how threat groups go from feared to dismissed. Why both over and underestimating adversaries is dangerous.
A few weeks ago while teaching SANS FOR578, one of my students asked a great question: What books or papers should a new cyber threat i…
Go into a tech interview, especially one for operations or security, and you’re more than likely to get an interview question like this: “What happens when you type a URL into the address bar of a browser and hit enter?”
U.S. government response to Russian election interference: sanctions, IOCs, and diplomatic actions against Grizzly Steppe.
This post gets political. People may agree or disagree based on their own experience or personal belief.
Strategic patience in DFIR: knowing when to wait for intelligence versus taking immediate action, inspired by Hamilton.
Learn why Python is the must-have programming language for computer network defense professionals.
Strategic framework for prioritizing threat intelligence collection from internal data to commercial feeds.