Like everyone else I’ve been following the tragic war in Ukraine and mourning the loss of life and humanitarian crisis. Professionally as an analyst in the threat intelligence and computer network defense world I’ve been considering what this war and spillover means for defending networks, especially as organizations like CISA keep putting out bulletins regarding threats of Russian nexus adversaries.
Victim Sites & Technology So all of those things were term or bits about generalized grid operations.
Source: Public Domain Pictures In the first post of the CRASH OVERRIDE Chronicles I outlined my plan for reviewing Dragos’ CRASHOVERRIDE report i…
Multi-part analysis series examining the Crash Override attack on Ukrainian electrical infrastructure using the Diamond Model framework.
The APT hype cycle: how threat groups go from feared to dismissed. Why both over and underestimating adversaries is dangerous.
Go into a tech interview, especially one for operations or security, and you’re more than likely going to get an interview question like this. “What happens when you put a URL in the address bar of a browser and hit enter?”.
U.S. government response to Russian election interference: sanctions, IOCs, and diplomatic actions against Grizzly Steppe.
Strategic patience in DFIR: knowing when to wait for intelligence versus taking immediate action, inspired by Hamilton.
Learn why Python is the must-have programming language for computer network defense professionals.
Introduction to osquery: Facebook’s SQL-based endpoint monitoring framework for Linux and macOS security.