Richard Bejtlich 💾 🇺🇦 (@taosecurity)'s Twitter Profile
Richard Bejtlich 💾 🇺🇦

@taosecurity

Inactive on Twitter since 1 November 2022. Find me here: infosec.exchange/@taosecurity

ID: 17767238

Link: https://taosecurity.blogspot.com | Joined: 01-12-2008 00:49:30

23,23K Tweet

56,56K Followers

38 Following

Richard Bejtlich 💾 🇺🇦 (@taosecurity)'s Twitter Profile Photo

Calling all graduates of the TCP/IP Weapons School class I taught from 2006-2012 -- we used to fool around with similar tactics and tools, especially in the late 2000s classes.


This is one of the reasons for my longstanding policy of not accepting connection requests from anyone but those with whom I’ve closely worked for at least several months. I believe in trying to improve the LinkedIn ecosystem.


In 2019 I wrote a blog for Corelight, "Network security monitoring is dead, and encryption killed it." My goal was to debunk that long-standing myth. Apparently at least 1 security company didn't get the point. 🤦‍♂️ #NSMlives despite encryption. Pls see: corelight.com/blog/examining…


I highly recommend this BSidesAugusta talk by David J. Bianco on his #PyramidofPain. He explains how we implemented a strategy (10+ years ago) to detect and respond to intrusions before adversary mission completion, via threat intelligence-driven campaigns. youtube.com/watch?v=3Xrl6I…


I look forward to trying this. Wireshark is the gold standard for making it totally simple to try one form of network traffic observation. Download, install, run, select interface, see packets. Packet inspection isn’t everything, but it’s a key part of #networksecuritymonitoring.


Why does no one care about this story? x.com/josephfcox/sta… Is it because those who usually promote privacy also use this data? I read the vendor's rebuttal. It's a joke that they deny the usefulness of IP addresses for identifying individuals or patterns of life. End #Augury.


In case anyone needed a reminder that being a CISO is a serious responsibility - and obstructing FTC investigations is not in the job description - today is a wake-up call. If you’re a security professional, this should not be anything new. It’s time for cyber to leave Neverland.


CSOs: wondering what to do if pressured by board or execs to act illegally or unethically? Easy: resign. That's what high-level, high-responsibility execs do. It's part of being a professional. I resigned as director of IR when my new boss tried to force me to stack rank my team.


Much as you might love your team and job, it's better to resign than compromise your integrity. There is no shortage of open CSO or other security executive roles. If you find truly egregious conditions, you might become a legal whistleblower like Mudge. That takes real guts.


This is not a late "April Fool." This is real. I've been waiting months to say it. Now it's public. Microsoft is embedding The Zeek Network Security Monitor into Windows. This brings #networksecuritymonitoring to a potential billion+ endpoints. Hear Microsoft's take, Thu-Fri: zeek.org/zeekweek2022/


Speaking of Microsoft embedding The Zeek Network Security Monitor into Windows, here's a post I wrote in 2008 explaining why and how #networksecuritymonitoring on the endpoint would be helpful. It's so cool to see a concrete step in this direction, on a massively-deployed OS: taosecurity.blogspot.com/2008/02/nsm-at…


Prediction: heavily-regulated industries will be the first to see requirements to have their cybersecurity program headed by someone with some sort of state- or Fed-approved license. This is no different from general contractors needing a license, while workers need not have one.


I’m concerned about the following scenario. 1) RU “evacuates” civilians from Kherson. 2) UA approaches city to retake it. 3) RU destroys Kherson while retreating, and claims UA is responsible. 4) RU denies UA the territory via destruction and accuses UA of “war crimes.”


I'm pleased to see Suricata IDS/IPS getting some marketing love at my company Corelight's web page. We offer a true #networksecuritymonitoring platform at up to 100 Gbps, with all 4 NSM data types (alerts, transaction logs, extracted files, and pcap). go.corelight.com/why-switch-to-…


I’m concerned that Putin is planning a repeat of his 1999 Moscow apartment bombing. I’m worried he orders use of a “dirty bomb” in UA, maybe Kherson, and then blames it on UA. He’s already learned from recent Western tactics to give public early warning, except his would be lies.


As an ex-U.S. Air Force intel officer who was active duty in 1999, I enjoyed the new book "Shooting Down the Stealth Fighter," by the Serb personnel manning the S-125/SA-3. It's mostly about IADS, but it offers a ton of unclass details for #airpower fans. #ad amzn.to/3W9mBeX


If you'd like to read well-researched #history to abandon politically-driven myth, I recommend these 2 books: #ad The Gunpowder Age: #China, Military Innovation, and the Rise of the West in World History amzn.to/3SKG02J The Myth of the Lost Cause amzn.to/3STGfIS
