| TaoSecurity | https://www.taosecurity.com/index.html |
| Blog | https://taosecurity.blogspot.com/ |
| https://www.linkedin.com/in/richardbejtlich/ | |
| Amazon | https://www.amazon.com/-/e/B001IR3KOW |
Episode 16 of the Corelight podcast is live. Dave Getman and I discuss the evolution of Corelight Investigator, the role of agentic triage in security operations, and how Corelight brings receipts to intrusion analysis.
https://www.youtube.com/playlist?list=PLBKbF72bCp2UtefR6_GhrKATP3tVD7Vev
https://open.spotify.com/show/2L2bkmbxaMxlz46xzhPNAH
https://podcasts.apple.com/us/podcast/corelight-defendrs/id1843154362
RE: https://infosec.exchange/@briankrebs/116661298779426573
I’m not surprised at all. This has always sounded like a personal vendetta by a former employee or contractor. I don’t buy the “mistreated independent genius researcher” angle either. This person is probably leaking the MS internal vuln catalog. Unfortunately the “infosec community” is dominated by vocal fans of offense, who earn their living by breaking things, proving my 2021 proposition that “Digital offense capabilities are currently net negative for the security ecosystem.”
https://taosecurity.blogspot.com/2021/02/digital-offense-capabilities-are.html
Episode 15 of the Corelight podcast is live. Greg Bell and I talk about Mythos and AI-accelerated vulnerability discovery and remediation. This was one of my favorite discussions thus far!
https://www.youtube.com/playlist?list=PLBKbF72bCp2UtefR6_GhrKATP3tVD7Vev
https://open.spotify.com/show/2L2bkmbxaMxlz46xzhPNAH
https://podcasts.apple.com/us/podcast/corelight-defendrs/id1843154362
Episode 14 of the Corelight podcast is live. I speak with Vince Stoffer on post-quantum cryptography. We discuss how network security monitoring can help defensive teams understand and manage this technology.
https://www.youtube.com/playlist?list=PLBKbF72bCp2UtefR6_GhrKATP3tVD7Vev
https://open.spotify.com/show/2L2bkmbxaMxlz46xzhPNAH
https://podcasts.apple.com/us/podcast/corelight-defendrs/id1843154362
Cybersecurity researchers at Kaspersky found that the attack compromised multiple versions of Daemon Tools, from 12.5.0.2421 through 12.5.0.2434. What made the campaign particularly difficult to detect was...
For 21 years, fast16 corrupted nuclear research calculations without anyone noticing. It predates Stuxnet by five years. The math was always wrong.
Episode 13 of the Corelight podcast is live. I speak with our VP of research, Ali Islam. We discuss how a research lab functions within a modern security company. Ali has advice for anyone who wants to get into this fun technical field.
https://www.youtube.com/playlist?list=PLBKbF72bCp2UtefR6_GhrKATP3tVD7Vev
https://open.spotify.com/show/2L2bkmbxaMxlz46xzhPNAH
https://podcasts.apple.com/us/podcast/corelight-defendrs/id1843154362
Mythos has definitively disproven this: “Given enough eyeballs, all bugs are shallow," known as Linus's Law, asserts that with a large enough base of beta-testers and co-developers, almost every software problem will be identified and fixed quickly. Coined by Eric S. Raymond in The Cathedral and the Bazaar (1999) to describe open-source development, it suggests collective scrutiny makes bugs easier to find.”
