Jack Crook

@jackcr

Principal Incident Responder for GE-CIRT and finder of bad guys - Former US Army Infantryman. Desert Storm and Somalia Veteran.

Richmond, VA, USA
Joined February 2009

Tweets


  1. Retweeted
    Feb 1

    Anyone know a Sr. level IDM architect focused on AAD looking for a gig? Send them my way.

  2. Feb 2

    Raytheon engineer arrested for taking US missile defense data to China | ZDNet

  3. Retweeted

    Harvard University Professor and Two Chinese Nationals Charged in Three Separate China Related Cases

  4. Jan 5

    +1. Also pay attention to what the threat name indicates, file path, machine type (server/workstation) and role. Correlating with additional events on a machine may help highlight criticality. AV logs should definitely be consumed and alerted on where appropriate.

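The triage heuristic in the tweet above (what the threat name indicates, the file path, server versus workstation, the host's role, and correlation with other events on the same machine), worked through as an added Python example. This is not code from the page or from GE-CIRT; the alert schema, weights, hostnames, paths and detection names are constructed assumptions, not any vendor's format or a recommended scoring.

```python
"""Rank AV alerts by the signals named in the tweet: threat name, file path,
host type (server/workstation), host role, and other events on the same host
in the same window.  Added example; schema, weights and samples are
constructed assumptions."""
import re
from collections import Counter

# Weighted signals.  The first matching pattern in each list wins.
THREAT_CLASSES = [
    (re.compile(r"mimikatz|hacktool|psexec|cobalt|webshell", re.I), 40),  # post-exploitation tooling
    (re.compile(r"trojan|backdoor|\brat\b", re.I), 25),
    (re.compile(r"adware|pup|riskware", re.I), 5),
]
PATH_CLASSES = [
    (re.compile(r"\\temp\\|\\programdata\\|\\public\\", re.I), 15),  # world-writable staging dirs
    (re.compile(r"\\downloads\\", re.I), 5),
]
ROLE_WEIGHTS = {"domain-controller": 30, "build-server": 20, "finance": 15}  # assumed role weights
SERVER_WEIGHT = 15
NOT_REMEDIATED_WEIGHT = 10      # "detected" with no quarantine/clean is worse than a blocked file
CORRELATED_EVENT_WEIGHT = 10    # per other event on the host
CORRELATED_EVENT_CAP = 30


def _first_match(classes, text):
    for pattern, weight in classes:
        if pattern.search(text):
            return weight, pattern.pattern
    return 0, None


def score_alert(alert, events_by_host):
    """Return (score, reasons) for one AV alert.  events_by_host is a Counter
    of other host events (EDR/Sysmon/etc.) seen in the same time window."""
    score, reasons = 0, []
    w, pat = _first_match(THREAT_CLASSES, alert["threat"])
    if w:
        score += w
        reasons.append(f"threat name matches /{pat}/ (+{w})")
    w, pat = _first_match(PATH_CLASSES, alert["path"])
    if w:
        score += w
        reasons.append(f"path matches /{pat}/ (+{w})")
    if alert["host_type"] == "server":
        score += SERVER_WEIGHT
        reasons.append(f"server (+{SERVER_WEIGHT})")
    w = ROLE_WEIGHTS.get(alert["role"], 0)
    if w:
        score += w
        reasons.append(f"role {alert['role']} (+{w})")
    if alert["action"] not in ("quarantined", "cleaned", "deleted"):
        score += NOT_REMEDIATED_WEIGHT
        reasons.append(f"not remediated: {alert['action']} (+{NOT_REMEDIATED_WEIGHT})")
    n = events_by_host.get(alert["host"], 0)
    if n:
        w = min(CORRELATED_EVENT_CAP, CORRELATED_EVENT_WEIGHT * n)
        score += w
        reasons.append(f"{n} other event(s) on host (+{w})")
    return score, reasons


def triage(alerts, other_events):
    """Rank alerts highest score first.  Returns a list of (host, score, reasons)."""
    events_by_host = Counter(e["host"] for e in other_events)
    ranked = [(a["host"], *score_alert(a, events_by_host)) for a in alerts]
    return sorted(ranked, key=lambda r: r[1], reverse=True)


# Constructed sample data: hypothetical hosts, paths and detection names.
AV_ALERTS = [
    {"host": "ws-0231", "host_type": "workstation", "role": "finance",
     "threat": "Trojan.Mimikatz", "path": r"C:\Users\jdoe\AppData\Local\Temp\mk.exe",
     "action": "quarantined"},
    {"host": "srv-dc01", "host_type": "server", "role": "domain-controller",
     "threat": "HackTool.PsExec", "path": r"C:\Windows\Temp\p.exe",
     "action": "detected"},
    {"host": "ws-0452", "host_type": "workstation", "role": "sales",
     "threat": "Adware.Generic", "path": r"C:\Users\asmith\Downloads\toolbar.exe",
     "action": "quarantined"},
]
OTHER_EVENTS = [
    {"host": "srv-dc01", "type": "new_service", "detail": "service with random name installed"},
    {"host": "srv-dc01", "type": "network_logon", "detail": "admin logon from ws-0231"},
    {"host": "ws-0231", "type": "scheduled_task", "detail": "task created under user profile"},
]

if __name__ == "__main__":
    for host, score, reasons in triage(AV_ALERTS, OTHER_EVENTS):
        print(f"{host:10} {score:4}  " + "; ".join(reasons))
```

The quarantined Mimikatz hit on a finance workstation still outranks the adware, and the unremediated PsExec detection on a domain controller with a fresh service and a network logon from that same workstation lands on top; the reasons list is what an analyst would want beside the alert rather than a bare severity from the AV console.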
  5. Retweeted
    Dec 30, 2019
  6. Retweeted
    Dec 30, 2019

    New: WSJ investigation into China’s Cloud Hopper cyber espionage campaign finds a scope of victims broader than known, as service providers struggled to kick out hackers. U.S. officials over time grew panicked about federal agency exposure. W/

  7. Dec 30, 2019

    Here's a good talk from the 2019 Cyber Defense Summit. @ ~33:50 are some additional areas to consider developing detection around.

  8. Dec 30, 2019

    From external actors to the recruitment of insiders, don't be surprised if drastic change occurs. Study your past. Detect and hunt in the present. Prepare for the future. Never feel satisfied. (2/2)

  9. Dec 30, 2019

    2020 will mark 10 years that I've been with GE-CIRT. Something I've witnessed over time is that you can force change when it comes to the persistent targeting of data. Your ability to detect and stop an actor, time after time, will force this change. (1/2)

  10. Retweeted
    Dec 28, 2019

    CTI teams need to work just as closely with IR as any other function. Sadly, they have no interaction in a lot of shops. Intel shouldn't exist to write "Russia bad" reports or pump a server full of IOCs.

  11. Dec 24, 2019

    This should be a sign to put twitter down and go enjoy the holidays.

  12. Dec 22, 2019

    For a SOC, your analysts pane of glass should not be the biggest learning curve they’re presented with. Strive to make data easily accessible, searchable, retainable and correlatable.

  13. Retweeted
    Dec 22, 2019
    Replying to

    I’ll always point to the “M” in SIEM as the problem. Most products were/are hyper-focused on the management of the info/events/alerts, never addressing the biggest need: Providing analysts with a platform/data/context to efficiently analyze and investigate potential incidents.

  14. Retweeted

    Russian National Charged w/ Decade-Long Series of Hacking, Bank Fraud Offenses Resulting in Tens of Millions in Losses; 2nd Russian National Charged w/ Involvement in Deployment of “Bugat” Malware. Announced w/ , , , ,

  15. Retweeted

    This is confused. Defenders never talk to "real attackers." How would that happen? DT is mistaking red teams for "real attackers." Of course blue and red should talk. However, defenders who counter in-the-wild attackers, not red teams, are learning from real life, not exercises.

  16. Retweeted
    Nov 24, 2019

    Important piece by on the defector to Australia, especially about the background of Wang and the PRC "charges" against him. "Defections are messy and we may never know the full story" via

  17. Retweeted
    Nov 22, 2019

    A Chinese spy has risked his life to defect to Australia and reveal a trove of unprecedented inside intelligence on how China conducts its interference operations abroad. | Investigation

  18. Retweeted
    Nov 22, 2019

    I created a feature request on the user feedback portal. Feel free to vote for it if you agree this is an important feature for cyber security professionals.

  19. Nov 22, 2019

    "Within a year of being selected as a Talent Plan recruit, he quit his job, bought a one-way ticket to China" Look for commonalities as well as anomalies.

  20. Retweeted

    Chinese National Who Worked at Monsanto Indicted on Economic Espionage Charges
