Justin Warner

@sixdub

Security Engineer | Data Analysis | Threat Research | Adversary Emulation | Red Teamer | PowerShell Empire Dev | Reverse Engineer

Joined March 2012


  1. Pinned Tweet
    Jul 11

    New blog post that I co-authored with on some threat research the team at has done

  2. Dec 21
  3. Dec 21

    Dismissing the value of "attribution" is common in the commercial space, typically referring to "true attribution". It is valuable for people to understand that there are diff types of attribution. IMO, associating threat activity w/known campaigns or TTPs is useful tactically

  4. Dec 19

    Everyone go read this! Detection strategy is a super interesting area of research/study. I love the idea of this framework and documentation to ensure better knowledge of detection capability.

  5. Retweeted
    Dec 12

    Our CEO serving chicken and waffles this morning at ICEBRG HQ.

  6. Dec 8

    Love it! I have talked to several red teams, about the concept of "counter intel" where they monitor popular Intel sources and feeds for the presence of their indicators as a tip off. Addtl training audience and value. Helps ensure real bad guys might not be getting tips...

  7. Retweeted
    Dec 8

    It’s Q4. If you are in a pentest sweatshop questioning if your work is valued while you double book your time through the holidays, know there are better options. Our pentesters matter, we take our findings seriously, and we work as a team.

  8. Retweeted
    Dec 6

    Analytic trust is critical. Analysts and enterprises must trust their analytics for them to be useful. One component of that trust is outcome transparency - why did it do what it did? Can the outcome be validated?

  9. Dec 5

    I love looking at a histogram of activity to C2 servers during an IR and seeing the dip on the weekends. There really are humans on the other side! They too have habits and flaws.

  10. Retweeted
    Dec 3

    As a red teamer, if you ever have the opportunity to work a threat hunting or IR engagement, you should jump at the opportunity! You will be humbled by the challenges defenders deal with at scale and you will gain valuable insight into how they baseline normal and triage alerts.

  11. Retweeted
    Dec 1

    Atomic Sysmon configs individually mapped to the ATT&CK Matrix anyone? is on fire! All this now requires is a little code to enable selective merging of technique detections. Detection unit testing FTW! /cc

  12. Dec 1

    Seriously everyone... Read this thread. It is extremely insightful and reminds me in many ways of the eye opening experiences I had early on. Also, it's a fun read!

  13. Nov 30

    Been working a lot with Scala and Spark. Just when I got comfortable with it, I had to analyze some PowerShell and realized how much I missed it.

  14. Retweeted
    Nov 27

    The British forging German ration cards and dropping them over Germany during WW2 is my new favorite attack. Subversive exploitation of human nature to target the state. Clever af

  15. Retweeted
    Nov 20
  16. Retweeted
    Nov 18
  17. Nov 17

    Great post with some thoughts on detection authoring using Apache Struts as an example. We saw it used in the wild but current sigs weren't detecting... Credit to

  18. Retweeted
    Nov 16

    Huge thanks to a great group from who worked literally until dusk today restoring the urban forest at Delridge and Myrtle!

  19. Retweeted
    Nov 15

    SMB and dce_rpc support finally coming to Suricata!

  20. Nov 11

    I typically only use this for infosec stuff but ... Must give a shout out to a friend's restaurant, Sadies BBQ in Pearl City, Oahu. If you like local style Korean food and are in HI, check it out!

  21. Retweeted
    Nov 10

    Most PE files under System32 and SysWOW64 are hard links to the real file under \Windows\WinSxS\. This query finds files that do not match that pattern - defenders, you might want to take a closer look at these across your fleet.
