In this post, I discuss one key difference in the thinking between sophisticated adversaries and many of the red teams that try to simulate them, as well as what that means for tradecraft and tooling.
https://t.co/FTEHcIsqsW
I don’t really talk about personal stuff on here, but this is important.
My daughter’s leukemia has relapsed. We’ve been admitted to the children’s hospital for treatment, but it’s going to be a long road. One of the potential courses of treatment is a stem cell transplant.
Efforts like this stimulate the thought that a threat to EDR efficacy more subtle than a malicious kernel driver is another (competing) event-driven system that supports progress on objectives through calculated CoA recommendations.
Pleased to see @SpecterOps onboard with shifting away from Human-Is-The-Loop decision making to approaches that can better empower operators in commercial red teams. We're all probably about a decade late to the party but better late than never. 😀
I know I haven't blogged for a bit, but I promise @tifkin_, @0xdab0, and I have been working on something cool! This is the first blog in a series on the problem set we've been tackling, leading up to what we've built to address it - "On (Structured) Data" https://t.co/kmLaQtHuTY
There is something about this description of contextuality that deeply resonates with my understanding of the interactions between defensive and offensive procedures.
I still think my understanding is limited, but consider the rephrasing of an excerpt from this article below:
In quantum mechanics, contextuality says that properties of particles, such as their position or polarization, only exist within the context of a measurement.
https://t.co/ezKswNNcIE
> Instead of thinking of the properties of procedures as having fixed values, consider them more like words in language, whose meanings can change depending on the context: “Time flies like an arrow. Fruit flies like bananas.”
@jaredcatkinson @nas_bench @michaelbarclay_ From the "attacker" standpoint, it is interesting to frame a nebulous concept like stealth into the quantitative exercise of reducing surprise in the telemetry that defenders receive.
@vysecurity Both are important. But self-reflecting on which of those two drives subjectively rank as fundamental can indicate something about mindset.
@vysecurity Another way to phrase it is: What tends to drive the search process toward an outcome? Is it driven by the study of technology in an environment or by the study of how desired information flows?
“The greatest goals are achieved through minor but continuous ekkedt [sic: effort].”
This quote from Anatoly Dneprov's thought-provoking short story, "The Game" (1961), has resonated with me lately.
https://t.co/6wjpAYiwzE