NEW: Mercenary spyware is coming to the US.
ICE just quietly unsuspended their contract with spyware maker #Paragon.
Remember them? Caught earlier this year being used to hack Italian journalists.
This is bad, let's talk about how we got here 1/
jackpoulson.substack.com/p/exclusive-...
Let’s assume that the traditional “confusion matrix” we often use in science for measuring efficacy (TP/FP/FN/TN) is not available (and really, you shouldn’t use it). What metrics would you collect to directly or indirectly measure the efficacy and quality of your detection engineering efforts?
Expecting a tidal wave of attacks against knowledge generation.
Old playbook:
Step 1: source some overly academic prose / niche research.
Step 2: Strip any context.
Step 3: Ridicule the scholar & encourage attacks. Denounce the field.
Step 4: Call for federal funding cuts & bans.
#PIVOTcon25 #CfP is open and you can submit your proposals till 7 FEB 2025
Remember
- one track, 30m
- no recording/streaming/tweeting. You should feel comfy to share more
- No TLP:WHITE
- Original content only
Let us guide you through with a little meme-thread
#CTI #ThreatIntel 1/10
Memes are now, law is later.
I’m coming for you for all my graphics needs from now on. Thanks.
Scenario: You’re airdropped into an org with tons of detection rules. What questions do you ask and why?
So far I’ve been examining source prominence, distribution of tactics (“Coverage”), and I’m working on mapping “intent” (what is the expectation of putting this signal in front of an analyst).
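As an added illustration (not the poster's own code or tooling): a small script over a constructed rule inventory that computes the three things the post names, source prominence, tactic coverage distribution, and intent mapping, plus the gaps those views expose (tactics with no rules, rules with no tactic or intent tag). The rule set, field names and the intent vocabulary (investigate / respond / enrich) are assumptions made for the example.

```python
from collections import Counter

# Constructed sample rule inventory (hypothetical; not from any real org).
# Each rule records where it came from, which tactics it claims to cover,
# and what an analyst is expected to do when it fires ("intent").
RULES = [
    {"name": "psexec_service_install", "source": "sigma",
     "tactics": ["lateral-movement", "execution"], "intent": "investigate"},
    {"name": "office_spawns_shell", "source": "sigma",
     "tactics": ["execution", "initial-access"], "intent": "investigate"},
    {"name": "mimikatz_lsass_access", "source": "vendor",
     "tactics": ["credential-access"], "intent": "respond"},
    {"name": "rare_dns_domain", "source": "in-house",
     "tactics": ["command-and-control"], "intent": "enrich"},
    {"name": "new_scheduled_task", "source": "sigma",
     "tactics": ["persistence", "execution"], "intent": "investigate"},
    {"name": "large_outbound_transfer", "source": "in-house",
     "tactics": ["exfiltration"], "intent": "respond"},
    {"name": "user_added_to_admins", "source": "vendor",
     "tactics": ["privilege-escalation", "persistence"], "intent": "investigate"},
    # A legacy rule nobody has tagged: shows up in every gap report below.
    {"name": "legacy_threshold_alert", "source": "legacy",
     "tactics": [], "intent": None},
]

# Reference tactic list to measure coverage against (ATT&CK Enterprise tactics).
TACTICS = [
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion", "credential-access",
    "discovery", "lateral-movement", "collection", "command-and-control",
    "exfiltration", "impact",
]


def source_prominence(rules):
    """Fraction of the rule set contributed by each source (who you depend on)."""
    counts = Counter(r["source"] for r in rules)
    total = len(rules)
    return {src: round(n / total, 3) for src, n in counts.items()}


def tactic_coverage(rules, tactics):
    """Number of rules claiming each tactic, including zeros for uncovered tactics."""
    counts = Counter(t for r in rules for t in r["tactics"])
    return {t: counts.get(t, 0) for t in tactics}


def coverage_gaps(rules, tactics):
    """Tactics in the reference list with no rule at all."""
    return [t for t, n in tactic_coverage(rules, tactics).items() if n == 0]


def intent_breakdown(rules):
    """How many rules map to each analyst expectation; None becomes 'unmapped'."""
    return Counter(r["intent"] or "unmapped" for r in rules)


def untagged_rules(rules):
    """Rules missing either a tactic or an intent: candidates to fix or retire."""
    return [r["name"] for r in rules if not r["tactics"] or r["intent"] is None]


if __name__ == "__main__":
    print("source prominence:", source_prominence(RULES))
    print("tactic coverage:  ", tactic_coverage(RULES, TACTICS))
    print("coverage gaps:    ", coverage_gaps(RULES, TACTICS))
    print("intent breakdown: ", dict(intent_breakdown(RULES)))
    print("untagged rules:   ", untagged_rules(RULES))
```

The point of the three views together is that each answers a different question: prominence says whose judgement the detection estate encodes, coverage says where it is blind, and intent says whether an alert was ever meant to produce an action at all. A real inventory would be loaded from the rule repository rather than embedded inline.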
Those gloves came off after the demise and diaspora of Conti, which generally coincides with the war in Ukraine. We had 2ish years where healthcare targets were generally the realm of less “prolific” or capable affiliates, but that era is long gone, sadly.