Blog

Thanks for stopping by and checking out our blog. Please feel free to share your knowledge, experience, and other tips, tricks, comments on the blogs. They’ll be reviewed for professionalism and posted accordingly.

Three Myths About Threat Intelligence

For new readers, welcome, and please take a moment to read a brief message From the Author. 1. Threat intelligence is something you should provide your customers If threat intelligence products are not your flagship product or primary business function, then threat intelligence is not something you should provide as

Read More »

OSINT Data Sources: Trust but Verify

Thanks to @seamustuohy and @ginsberg5150 for editorial contributions For new readers, welcome, and please take a moment to read a brief message From the Author.  This article’s primary audience is analysts however if you are in leadership and seek to optimize or maximize the analysis your threat intelligence program is producing

Read More »

Outlining a Threat Intel Program

(estimated read time 27min) For new readers, welcome, and please take a moment to read a brief message From the Author. Executive Summary I recently crunched the high level basics of setting up a threat intelligence (abbreviated as Threat Intel) program into a 9-tweet thread, which was met with great appreciation

Read More »

Hacking Critical Infrastructure

For new readers, welcome, and please take a moment to read a brief message From the Author. Please accept my apologies in advance if you were hoping to read about an actual technical vulnerability in critical infrastructure or the exploitation thereof. Today we discuss a plausible strategic cby3r threat, and

Read More »

People Search Sites – Erase Me Please

The good folks over at Divine Intel (Twitter @divineintel) asked to borrow a little space on my blog as they are still getting their website set up. They’ve recently tweeted 21 URLs where you can go to submit requests to have your information removed from the people search sites, and

Read More »

Phishing the Affordable Care Act

Recently, while working on a project I was asked to gather some information on Blue Cross Blue Shield (BCBS) and something scary began to unfold.  I noticed that states have individual BCBS websites, and that there is no real consistency in the URL naming convention.  Then I began imagining the

Read More »

Strategic Threat Intelligence in the Digital Realm

Thank you @Ngree_H0bit and @TXVB for your editorials on this blog. Imagine if someone walked up to your job, and fired an automatic weapon at the building or detonated a bomb in the lobby. Then the police showed up the conversation went like this: LEO: “Did anyone die or get

Read More »

Beyond Whack-a-Mole “Intel”

In recent days I had some conversations with folks regarding the common INFOSEC comprehension of threat intelligence and what it really is, and we all come back a marketing buzz phrase “actionable intel”. My concern is that the definition of “action” seems to be getting diluted these days and at

Read More »

How’d They Know $PrivateDetails ?

THE SCENARIO Today a friend and colleague of mine shared that he got a really really good gmail login phish purporting to come from his home owners association president. Immediately my brain spins up because this is my friend and I asked some critical questions. 1) How did the phisher

Read More »