Richard Bejtlich 💾 🇺🇦 (@taosecurity)'s Twitter Profile

Inactive on Twitter since 1 November 2022. Find me here: https://t.co/9xgPCjr0Rq

ID:17767238

https://taosecurity.blogspot.com

01-12-2008 00:49:30

23,3K Tweets

58,9K Followers

36 Following

Richard Bejtlich 💾 🇺🇦 (@taosecurity)

If you'd like to read well-researched #history to abandon politically-driven myth, I recommend these 2 books: #ad The Gunpowder Age: #China, Military Innovation, and the Rise of the West in World History amzn.to/3SKG02J The Myth of the Lost Cause amzn.to/3STGfIS
Richard Bejtlich 💾 🇺🇦 (@taosecurity)

As an ex-@usairforce intel officer who was active duty in 1999, I enjoyed the new book 'Shooting Down the Stealth Fighter,' by the Serb personnel manning the S-125/SA-3. It's mostly about IADS, but it offers a ton of unclass details for #airpower fans. #ad amzn.to/3W9mBeX
Richard Bejtlich 💾 🇺🇦 (@taosecurity)

I'm pleased to see Suricata IDS/IPS getting some marketing love at my company Corelight's web page. We offer a true platform at up to 100 Gbps, with all 4 NSM data types (alerts, transaction logs, extracted files, and pcap). go.corelight.com/why-switch-to-…

Richard Bejtlich 💾 🇺🇦 (@taosecurity)

I’m concerned about the following scenario. 1) RU “evacuates” civilians from Kherson. 2) UA approaches city to retake it. 3) RU destroys Kherson while retreating, and claims UA is responsible. 4) RU denies UA the territory via destruction and accuses UA of “war crimes.”

Richard Bejtlich 💾 🇺🇦 (@taosecurity)

Prediction: heavily-regulated industries will be the first to see requirements to have their cybersecurity program headed by someone with some sort of state- or Fed-approved license. This is no different from general contractors needing a license, while workers need not have one.

Christian Kreibich (@ckreibich)

🚨🚨🚨 Plus, Microsoft is open-sourcing the Zeek changes involved! Joint work on the PRs is already underway. This is fantastic news, surely one of the most exciting developments in the history of the Zeek project.

Richard Bejtlich 💾 🇺🇦 (@taosecurity)

Speaking of Microsoft embedding The Zeek Network Security Monitor into Windows, here's a post I wrote in 2008 explaining why and how on the endpoint would be helpful. It's so cool to see a concrete step in this direction, on a massively-deployed OS: taosecurity.blogspot.com/2008/02/nsm-at…

Richard Bejtlich 💾 🇺🇦 (@taosecurity)

This is not a late 'April Fool.' This is real. I've been waiting months to say it. Now it's public. Microsoft is embedding The Zeek Network Security Monitor into Windows. This brings to a potential billion+ endpoints. Hear Microsoft's take, Thu-Fri: zeek.org/zeekweek2022/

Richard Bejtlich 💾 🇺🇦 (@taosecurity)

Much as you might love your team and job, it's better to resign than compromise your integrity. There is no shortage of open CSO or other security executive roles. If you find truly egregious conditions, you might become a legal whistleblower like Mudge. That takes real guts.

Richard Bejtlich 💾 🇺🇦 (@taosecurity)

CSOs: wondering what to do if pressured by board or execs to act illegally or unethically? Easy: resign. That's what high-level, high-responsibility execs do. It's part of being a professional. I resigned as director of IR when my new boss tried to force me to stack rank my team.

Richard Bejtlich 💾 🇺🇦 (@taosecurity)

In case anyone needed a reminder that being a CISO is a serious responsibility - and obstructing FTC investigations is not in the job description - today is a wake-up call. If you’re a security professional, this should not be anything new. It’s time for cyber to leave Neverland.

Richard Bejtlich 💾 🇺🇦 (@taosecurity)

Why does no one care about this story? twitter.com/josephfcox/sta… Is it because those who usually promote privacy also use this data? I read the vendor's rebuttal. It's a joke that they deny the usefulness of IP addresses for identifying individuals or patterns of life. End #Augury.
Richard Bejtlich 💾 🇺🇦 (@taosecurity)

I look forward to trying this. Wireshark is the gold standard for making it totally simple to try one form of network traffic observation. Download, install, run, select interface, see packets. Packet inspection isn’t everything, but it’s a key part of .

Richard Bejtlich 💾 🇺🇦 (@taosecurity)

I highly recommend this @BSidesAugusta talk by @DavidJBianco on his #PyramidofPain. He explains how we implemented a strategy (10+ years ago) to detect and respond to intrusions before adversary mission completion, via threat intelligence-driven campaigns. youtube.com/watch?v=3Xrl6I…
Richard Bejtlich 💾 🇺🇦 (@taosecurity)

In 2019 I wrote a blog for Corelight, 'Network security monitoring is dead, and encryption killed it.' My goal was to debunk that long-standing myth. Apparently at least 1 security company didn't get the point. 🤦‍♂️ despite encryption. Pls see: corelight.com/blog/examining…

Richard Bejtlich 💾 🇺🇦 (@taosecurity)

This is one of the reasons for my longstanding policy of not accepting connection requests from anyone but those with whom I’ve closely worked for at least several months. I believe in trying to improve the LinkedIn ecosystem.
