Collaborate Disseminate
Just what are “tactics”?IntroductionMITRE ATT&CK is a great resource, but something about it has bothered me since I first heard about it several years ago. It’s a minor point, but I wanted to document it in case it confuses anyone else.The MI… Continue reading MITRE ATT&CK Tactics Are Not Tactics
I was so pleased to read this Tweet yesterday from Greg Rattray:”Back in 2007, I coined the term “Advanced Persistent Threat” to characterize emerging adversaries that we needed to work with the defense industrial base to deal with… Since … Continue reading Greg Rattray Invented the Term Advanced Persistent Threat
The FBI intrusion notification program is one of the most important developments in cyber security during the last 15 years. This program achieved mainstream recognition on 24 March 2014 when Ellen Nakashima reported on it for the Washington Post … Continue reading The FBI Intrusion Notification Program
I published a new book!The Best of TaoSecurity Blog, Volume 2: Network Security Monitoring, Technical Notes, Research, and China and the Advanced Persistent ThreatIt’s in the Kindle Store, and if you’re Unlimited it’s free. Print edition to follo… Continue reading New Book! The Best of TaoSecurity Blog, Volume 2
By Richard Bejtlich, Principal Security Strategist, Corelight This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring. Introduction I have been writing material for the Zeek docume… Continue reading Mixed VLAN tags and BPF syntax
Are you a network security monitoring dinosaur like me? Do you prefer to inspect your Zeek logs using the command line instead of a Web-based SIEM?If yes, try this one weird trick!I store my Zeek logs in JSON format. Sometimes I like to view the output… Continue reading One Weird Trick for Reviewing Zeek Logs on the Command Line!
Fake Book Someone published a “book” on Amazon and claimed that I wrote it! I had NOTHING to do with this. I am working with Amazon now to remove it, or at least remove my name. Stay away from this garbage!Update: Thankfully, within a day or so of… Continue reading I Did Not Write This Book
By Richard Bejtlich, Principal Security Strategist, Corelight Elections have two critical components. The first is the conduct of the election as visible to the participants. The second is the hidden aspect, that which is not visible to the participant… Continue reading The Election Is Six Months Away. Now Is the Time to Instrument Election Infrastructure.
I’m very pleased to announce that I’ve published a new book!It’s The Best of TaoSecurity Blog, Volume 1: Milestones, Philosophy and Strategy, Risk, and Advice. It’s available now in the Kindle Store, and if you’re a member of Kindle Unlimited, it’… Continue reading New Book! The Best of TaoSecurity Blog, Volume 1
CVE-2020-0688 Scan Results, per Rapid7tl;dr — it’s the title of the post: “If You Can’t Patch Your Email Server, You Should Not Be Running It.”I read a disturbing story today with the following news:”Starting March 24, Rapid7 used its Project Sonar in… Continue reading If You Can’t Patch Your Email Server, You Should Not Be Running It