Sean Gallagher 🐀

@thepacketrat@infosec.exchange
Principal Threat Poker @ Sophos X-Ops. Natsec/Infosec Editor Emeritus and now infrequent contributor @ Ars Technica. Ex Navy officer and actual battleship sailor. Verified cat furniture. Bird paparazzo. Still mostly s***posting as @thepacketrat@twitter.com. Also federating @thepacketrat and @thepacketrat
Works at: Sophos
Works as: Principal Threat Researcher
Non-Infosec things: birds, pottery, shoulder cats, media criticism, natsec
Twitter: https://twitter.com/thepacketrat
blog: https://fancybearfriends.org
Work blog: https://news.sophos.com/en-us/author/sean-gallagher/
"look the computer can generate more code faster" the world absolutely does not need or want more code, nothing needs more code for the sake of code, we need utility, functionality and empathy, an encoded understanding of the problem being solved and the humans around it. Code is the price we pay for that encoded understanding. What you've created is an entropy spigot pointed at the proxy metric graph you’re stuck using because your management doesn't understand anything.
Anyway, your comments and suggestions are welcome. Feel free to beat on it at:
https://falling-anvil.com/cyberthreaterator/
CyberThreaterator

There are also some hidden tributes to friends in some of the data...
I mean, sure. It's essentially attribution dice... but better.

I've made various improvements to CyberThreaterator over lunch breaks, while watching TV, and other non-work brain cycles. There's a plan here: eventually, I want to produce full threat briefs on demand for imaginary actors with IoCs and the rest of what you'd need to protect yourself against them if they were real.

Maybe even a pew-pew map.

An update on CVE-2025-5777, explaining why orgs should identify systems and patch.

https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206

CitrixBleed 2: Electric Boogaloo — CVE-2025–5777 - DoublePulsar

Remember CitrixBleed, the vulnerability where a simple HTTP request would dump memory, revealing session tokens? CVE-2023–4966 You may have missed it, as the original CVE on 17th June 2025 referred…

Night Herons nesting in Fells Point have gotten…numerous.
Team building exercise.
For millennia these guys have swooped around marshes, creeks and ponds virtually unchanged (other than in size, possibly), the apex predators of airborne invertebrates (and in nymph mode, of aquatic ones). Let's not f**k things up for one kind of evolutionary perfection (cats and sharks being other examples).
Oh hi Evinrude

Been on radio silence here for a bit. Things are going well. I have finished up the first portion of my onboarding experience at Cisco and am now getting myself up to speed on the ways of Talos threat intelligence. All the people here are awesome. I am stoked.

Also, here’s someone who dropped by today to give me some hints on using Synapse.

@thepacketrat This is great to hear! Stoked for you too, and congratulations for landing in a happy place with a cool tool 🙌🏽