SOC analysts shoulder the largest cybersecurity burden, working around the clock to prevent, detect, assess, and respond to threats & incidents. The avg SOC sees 10k alerts/day. They may miss one- after all, they're only human, say Roselle Safran Utpal U.J. Desai ubm.io/2Tl1hFB

Well, you needed a long blog post on detection to spend your Tuesday evening? Here: blogs.gartner.com/anton-chuvakin…

My colleague Gorka Sadowski just provided a cool case of integrating SIEM and Deception technologies with automation at #GartnerSEC opening keynote

DEF CON Slides for my talk 'RACE - Minimal Rights and ACE for Active Directory Dominance' at #DEFCON27 are up : media.defcon.org/DEF%20CON%2027…

“We interdict the adversary’s ability to navigate the kill-chain by hunting across the battlespace for points of egress and exfiltration. We deploy precision cyber-munition countermeasures to neutralise deep-cover threats.” <— real or fake?

Join me and my colleagues, Sahir Hidayatullah and @tweet_a_t, today as we discuss how #deception and #ndr can be used together to enhance your defenses.

📊 Poll time. On average, how many alerts (not events) do you receive in your SIEM daily?

Stellar work by the Check Point Research team. Remotely exploitable. Patch / workaround now. research.checkpoint.com/2020/resolving… #sigred

For me, one of the most useful macro-level talks on #cybersecurity in recent years was this by Gadi Evron. A lot of us in #infosec have felt the Cassandra effect and spent time clearing up messes created by the long tail of flawed tech decisions. youtu.be/ie54gnjUtGA

.Kevin Fiscus of SANS Institute and our very own Sahir Hidayatullah talk offensive security, entrepreneurship, and of course deception technology. hubs.ly/H0tfPbD0

#throwbackthursday An oldie but a goodie. Sahir Hidayatullah and Varun Haran from ISMG Network News talk about why defenders need to think like the attacker and how deception technology helps security teams play offense. hubs.ly/H0tmws40

One thing we MUST change as an industry: Please stop focusing on the initial access point when breaches happen. There will always be a way in. I want to see people talking about why it wasn't detected sooner and where response failed.

In the last episode of The Great Debate webinar, Danny Jenkins & Sameh Sabry debated whether or not #ThreatHunting should be the top #cybersecurity priority right now. Read the recap: axoni.us/30payyX

To all the red teams out there... Have the words "Wow!! that threat intelligence feed really got us!" ever crossed your lips?

1/2 - Possible #activedefense measures against golang based XMRig. 1. Decoy public jenkins and tomcat pages to trap password guessing. 2. Open port 52013 on DMZ machines locally to prevent execution #infosec #DFIR Credits:intezer.com/blog/research/…

A tale of EDR bypass methods - s3cur3th1ssh1t.github.io/A-tale-of-EDR-… Special thanks to CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 and Rasta Mouse for answering all my questions! 🍻

We’re sponsoring #ZenithLive 2021, an event designed to help you navigate the digital future at cloud speed. Join @amol_s_kulkarni during tomorrow morning’s keynote to hear how CrowdStrike and Zscaler work together to deliver end-to-end protection. bit.ly/3xc7kN2

Had a fun chat with the inimitable haroon meer. In conversation, “they say never meet your heroes” — well, he’s one of mine, and I’m glad I met him. Much ❤️ to the Thinkst Canary team from all of us at Smokescreen, now Zscaler. Fight the good fight. Respect > competition.