People often ask why I pivoted away from malware. Sometimes I ask myself the same question. After all, everything I've published until recently was malware-focused - the talks, workshops, research. I literally built a community called OnlyMalware. The answer came from.

Attackers are human too - with deadlines, constraints, and pressure to succeed. If an attacker wants something, give it to them ;). The best deceptions aren't technically impressive - they're believably human.

When we got access to Git[Hub,Lab] on Red Teams - it was almost always $$$. So it's pretty awesome to see a couple folk and friends over on my old RT running a training giving away the secret sauce we used to pwn these orgs!. @dasonmavis wrote up a post on more details on the.

Table stakes first. Organizations shouldn't build their security posture around deception. While deception is unique in that it actively engages the adversary - it is no silver bullet, and ultimately another alert. Mature processes must exist prior to deploying deception.

An excellent, in-depth malware analysis article. Refreshing depth and clarity from @cyb3rjerry . Demonstrably understands Yara's strengths and weaknesses. Take note @cyb3rops.

Finally touched grass this year at Defqon 1.

How do you feel about threat intelligence?. For those who find it either useful, I’d be damn interested in understanding how you action it. Those who find it useless, why? . I’ll hold my opinions back for now. .

I've received positive feedback from folk at Internal Blue Teams at various organizations getting value out of it, sparking conversations, etc. Thank you to those reaching out - I greatly appreciate it - and as always I'm all ears for any feedback.

Check out these lovingly crafted infographics. I write and optimize these for the community - not myeslf. So you do prefer this approach vs the other ones/or you don't - do let me know!

Decided to try a new style of posts. You may notice - lot more infographics, small interactive elements, and a different style of writing.

Organizations deploying deception often plateau early, satisfied with catching automated tools while sophisticated threats slip through. We mapped out the common progression patterns in our latest post:. Curious what level your team would identify with!

(1) Ollie's EXCELLENT keynote.(I've attached a screenshot of notes from the talk). (2) Read Teaming -

If you give it a read, you may notice a lot of ideas/philosophy that bled into our recent blog post!.

Out of the several books I've read on deception, one book I highly enjoyed was the wonderful "Practise to Deceive" by Whaley. An incredible book that has shaped a lot of my personal views and mental models on deception.

RT @domchell: Seats are going fast on this. Join me, @_batsec_ and @__invictus_ for 4 days of action packed #redteam tradecraft https://t.c….

What sleeping on the floor for a year taught me about B2B SaaS… 🧵.