WindowsTechs.com

Author Archives: Richard Bejtlich

Defining Counterintelligence

Posted on July 22, 2018 by Richard Bejtlich

I’ve written about counterintelligence (CI) before, but I realized today that some of my writing, and the writing of others, may be confused as to exactly what CI means. The authoritative place to find an American definition for CI is the United St… Continue reading Defining Counterintelligence →

Posted in counterintelligence, philosophy, topcan

Why Do SOCs Look Like This?

Posted on June 28, 2018 by Richard Bejtlich

When you hear the word “SOC,” or the phrase “security operations center,” what image comes to mind? Do you think of analysts sitting at desks, all facing forward, towards giant screens? Why is this? The following image is from the outstanding movie Apoll… Continue reading Why Do SOCs Look Like This? →

Posted in philosophy, security operations center, SoC

Bejtlich on the APT1 Report: No Hack Back

Posted on June 25, 2018 by Richard Bejtlich

Before reading the rest of this post, I suggest reading Mandiant/FireEye’s statement Doing Our Part — Without Hacking Back. I would like to add my own color to this situation. First, at no time when I worked for Mandiant or FireEye, or afterwards, was t… Continue reading Bejtlich on the APT1 Report: No Hack Back →

Posted in APT, FireEye, Mandiant

Bejtlich Joining Splunk

Posted on May 15, 2018 by Richard Bejtlich

Since posting Bejtlich Moves On I’ve been rebalancing work, family, and personal life. I invested in my martial arts interests, helped more with home duties, and consulted through TaoSecurity. Today I’m pleased to announce that, effective Monday Ma… Continue reading Bejtlich Joining Splunk →

Posted in Splunk

Trying Splunk Cloud

Posted on May 7, 2018 by Richard Bejtlich

I first used Splunk over ten years ago, but the first time I blogged about it was in 2008. I described how to install Splunk on Ubuntu 8.04. Today I decided to try the Splunk Cloud. Splunk Cloud is the company’s hosted Splunk offering, residing in Amazo… Continue reading Trying Splunk Cloud →

Posted in Splunk

Importing Pcap into Security Onion

Posted on February 26, 2018 by Richard Bejtlich

Within the last week, Doug Burks of Security Onion (SO) added a new script that revolutionizes the use case for his amazing open source network security monitoring platform. I have always used SO in a live production mode, meaning I deploy a SO sen… Continue reading Importing Pcap into Security Onion →

Posted in nsm, OSSEC, securityonion

Lies and More Lies

Posted on January 22, 2018 by Richard Bejtlich

Following the release of the Spectre and Meltdown CPU attacks, the security community wondered if other researchers would find related speculative attack problems. When the following appeared, we were concerned: “Skyfall and Solace More vulnerabilities i… Continue reading Lies and More Lies →

Posted in Uncategorized

Addressing Innumeracy in Reporting

Posted on January 16, 2018 by Richard Bejtlich

Anyone involved in cybersecurity reporting needs a strong sense of numeracy, or mathematical literacy. I see two sorts of examples of innumeracy repeatedly in the media. The first involves the time value of money. Recently CNN claimed Amazon CEO Jeff Be… Continue reading Addressing Innumeracy in Reporting →

Posted in philosophy, stock

Remembering When APT Became Public

Posted on January 14, 2018 by Richard Bejtlich

Last week I Tweeted the following on the 8th anniversary of Google’s blog post about its compromise by Chinese threat actors: This intrusion made the term APT mainstream. I was the first to associate it with Aurora, in this post https://taosecurity… Continue reading Remembering When APT Became Public →

Posted in APT, history, philosophy

Happy 15th Birthday TaoSecurity Blog

Posted on January 8, 2018 by Richard Bejtlich

Today, 8 January 2018, is the 15th birthday of TaoSecurity Blog! This is also my 3,020th blog post. I wrote my first post on 8 January 2003 while working as an incident response consultant for Foundstone. I don’t believe I’ve released statistics for the … Continue reading Happy 15th Birthday TaoSecurity Blog →

Posted in birthday
