Blog

Thanks for stopping by and checking out our blog. Please feel free to share your knowledge, experience, and other tips, tricks, comments on the blogs. They’ll be reviewed for professionalism and posted accordingly.

Beyond Whack-a-Mole “Intel”

In recent days I had some conversations with folks regarding the common INFOSEC comprehension of threat intelligence and what it really is, and we all come back to a marketing buzz phrase, “actionable intel”. My concern is that the definition of “action” seems to be getting diluted these days and at


How’d They Know $PrivateDetails ?

THE SCENARIO Today a friend and colleague of mine shared that he got a really, really good Gmail login phish purporting to come from his homeowners association president. Immediately my brain spins up because this is my friend and I asked some critical questions. 1) How did the phisher


Large Foot Prints and Loud Noises

So milling around in some spam while on another research project, I started noticing something strange… how so many seemingly unrelated domains appeared in the Reply To address of the same spam campaign. I began digging into the domains for multiple campaigns and I am currently monitoring the behavior and


What’s Under that Threshold?

This blog post is meant to be short, sweet and to the point so please forgive the brevity if you were looking for something in depth this time…. *THE LITTLE FISH* Many of us are trained to get the big fish, find the next cutting edge threat, defend against the


Stop Having Sex for the First Time – part 2

In the first part of this article, I gave some various examples of how InfoSec teams are structured to fail or at the very least function very inefficiently. Next we’ll talk about how to achieve a more effective *INTEL* team – and how it will enable the development of intelligence


Stop Having Sex for the First Time – part 1

As someone who’s been working on an OSINT project lately, I’ve had many surprises and hurdles because there’s poor organization to our execution and little to no information sharing between security functions in the same department. I recently got access to a very important piece of information/tool that resulted in


Shodan – A Boogeyman’s BFF

If you’ve ever heard me talk on OSINT, one of the points I drive home is one I learned early from a colleague, Ian Amit (@iiamit): that if what you present doesn’t cause a change in behavior, it isn’t threat intel, it is intel/information. Here’s a story on how I


Words Matter

One of the single most important techniques/activities when gathering intelligence (i.e. intel) from open source repositories is analytic reading. The second is properly presenting data/intel with relevant context. ANALYTIC READING This isn’t the kind of reading you do in the summer with a children’s book and a litter of rug rats gathered
