RE: https://mstdn.social/@TalosSecurity/116686162688230798
I did a podcast talking about my newest open source project, EvidenceForge. Realistic synthetic log data turned out to be a lot more interesting of a project than I expected.
| Blog | https://detect-respond.blogspot.com |
| @DavidJBianco | |
| Twittodon | https://twittodon.com/share.php?t=DavidJBianco&[email protected] |
| Fave Shape | Pyramid |
RE: https://infosec.exchange/@briankrebs/116681003015633285
The #1 most important qualification for any Executive Branch job is now loyalty to Dear Leader.*
* Not to imply at all that Dear Leader is loyal back.
Saw #1776 at our local community theater last night. One of my favorite musicals, and this was a banger.
Woke up this morning ready to vote for Independency!
If you think you have a "supply chain", you're wrong. What you actually have is a "supply web".
Changing your mental model can help you gauge supply web risks more accurately.
I released a new tool for creating synthetic security logs from a simulated network of hosts, sensors, and users. Think less "random log generator" and more "log simulator". You come up with a scenario, AI helps you build it, a deterministic script generates correlated Windows, Linux, Zeek, Snort, and firewall logs that tell a coherent story. Useful for training, detection engineering, SIEM testing, and more.
If AI driven attacks become more prevalent, it'll only be a matter of time before attackers push the token burden on to their victims, using the AI that's already (probably) there.
I'm calling it "living off the lAInd".*
*Jokey name. Probably will happen, though.
"Threat hunting is human-driven" and "AI threats require AI speed". How do you fit both of those into your threat hunting program? Well, I have some thoughts.
Join me as I kick off the @Antisy_Training Threat Hunting Summit, a free virtual event on June 17th!
RE: https://infosec.exchange/@chrissanders88/116573475766097465
This 100%! A lot of my work is figuring out how to use AI for security tasks *effectively*, which is a lot harder than just throwing AI at it and hoping things work out.
You really need to understand not only *what* the process is, but also *why* the process is before you go messing with it. This isn't even about AI; it's basic management stuff.
Everyone wants to know how good #AI is at vulnerability discovery, exploitation, and running automated attacks. Good, fine. That's useful.
What we really need, though, is for some of these frontier models to start worrying about the much more challenging, impactful problem of defense.
Let's see some good benchmarks here, and have model providers publish their results.
I'm excited to keynote the Antisyphon #ThreatHunting Summit, a free virtual event on June 17th.
Why am I excited? Because I get the chance to re-evaluate something I proposed as one of the fundamental pillars of hunting 10 years ago!
"Is It Time to Embrace Automated Threat Hunting?"
Check out the abstract, then register at the link below: