Jorge Orchilles (@jorgeorchilles)'s Twitter Profile
Jorge Orchilles

@jorgeorchilles

SANS Principal Instructor & Author #SEC565 | #RedTeam | #PurpleTeam | #PenTest | #C2Matrix Creator | ATT&CK & Atomic Red Team Contributor | Published Author

ID:19165893

Link: https://www.orchilles.com | Date: 19-01-2009 01:32:48

13,8K Tweets

11,1K Followers

468 Following

Jorge Orchilles(@jorgeorchilles) 's Twitter Profile Photo

We need to reset expectations. LLMs are not 'discovering' novel attacks or 0days. They are lowering the barrier for entry for all types of hackers. Embrace it, let it help you. Criminals already are: thehackernews.com/2024/04/micros…

GJ(@gertjanbruggink) 's Twitter Profile Photo

Looking for effective ways to support the decision-making process of your stakeholders? My friend Aperture and Noise & I presented about this topic, specifically by utilizing 'attack trees', at this week's FIRST CTI Conference.

Slides are now available via: github.com/gertjanbruggin…

Alex Pinto(@alexcpsec) 's Twitter Profile Photo

I really cannot wait to share this one with you.

will be out on May 1st, just in time for no one to be able to update their marketing pitches for the RSA Conference.

SANS Offensive Operations(@SANSOffensive) 's Twitter Profile Photo

Join us at #SANSAiForum on Thursday, April 25 when @jorgeorchilles & @teschulz will share strategies, tips, and quick wins for how to start building an #AI Red Team. ➡️ Register for Free: sans.org/u/1uVn #ReadTeam #PenTest
Merill Fernando(@merill) 's Twitter Profile Photo

🥳 🎉 Folks, Fabian Bader, Thomas Naunheim & I are excited to launch Maester today after working on this over many long nights & weekends!

Maester is an open source, test framework that you can set up in minutes to test & continuously monitor your Microsoft security config

🧵⬇️

Justin Elze(@HackingLZ) 's Twitter Profile Photo

If you were going to rank a bunch of C2s from an operator's perspective what attributes would you use? Modularity? Built in opsec? Socks speed?

Robᵉʳᵗ Graham 𝕏(@ErrataRob) 's Twitter Profile Photo

Cybersecurity is a field dominated by vendors selling what's often snakeoil. The reason is that purchasers are non-technical and are at the mercy of whatever vendors claim. You can't break out of the vendor-dominated scene unless you have technical management.

Jorge Orchilles(@jorgeorchilles) 's Twitter Profile Photo

Spent the last year at Verizon running the offensive security team (more accurately called Readiness and Proactive Security). One of the innovative things I got to do was build an AI Red Team with Tim Schulz. We will share lessons learned and how to get started
sans.org/webcasts/sans-…

Jorge Orchilles(@jorgeorchilles) 's Twitter Profile Photo

Anyone have an extra ticket for Wicys? I have a direct report that has booked flight and hotel but now needs a ticket. This will be her first time attending, please RT for reach.

Christopher Peacock(@SecurePeacock) 's Twitter Profile Photo

These terms are often conflated and it seems like more people just lump any type of “hacking” activity into “red”.

Jorge Orchilles did a write-up explaining the difference: sans.org/blog/shifting-…

Christopher Peacock(@SecurePeacock) 's Twitter Profile Photo

No, running atomic red team for TXXXX doesn't mean you now detect APT-Y's procedures for TXXXX.

Conducting analysis of your coverage for a threat group via ATT&CK Navigator on technique IDs alone is a reductionist view of procedure variations, and does not appropriately convey

Justin Elze(@HackingLZ) 's Twitter Profile Photo

spencer I think people assume the goal is never getting caught at the expense of not adding value. At some point you have to balance both those things.

Rob T. Lee(@robtlee) 's Twitter Profile Photo

I'm thrilled to let you know that the agenda for the SANS Faculty Led event is now available. Mick Douglas 🇺🇦🌻 david_hoelzer @[email protected] Jess Garcia sethmisenar Jorge Orchilles Looking forward to hosting these talks on the forum on April 25. Register now!

Jorge Orchilles(@jorgeorchilles) 's Twitter Profile Photo

2nd race of the 2024 season in the books with @SecurePeacock taking P1. @paulpols and I sharing the podium with him. Paul manages to hold on to the lead but a long way to go with 22 more races this season! #InfoSecF1