Steve YARA Synapse Miller
@stvemillertime
Followers
17K
Following
19K
Media
804
Statuses
6K
AI threat intelligence @google writing & sharing on adversary tradecraft, malware, threat detection, AI-nexus intel and all things #yara
121.5mhz
Joined January 2009
Thrilled to see new research from @Google Threat Intelligence Group on adoption & experimentation with AI from threat actors. Lot of great work from the team, including our collab with @GoogleDeepMind on mitigations & disruption. read it here: https://t.co/jRlZiPd9Ci
cloud.google.com
Google Threat Intelligence Group's findings on adversarial misuse of AI, including Gemini and other non-Google tools.
0
7
28
There's a lot going on in the AI threats space, and we're psyched to share a little sampling of our view into how actors are leveraging AI to bolster capabilities across a range of adversary use cases. Give it a gander & enjoy direct-to-VT malware links :D https://t.co/P2YWuYEijk
cloud.google.com
Google Threat Intelligence Group's findings on adversarial misuse of AI, including Gemini and other non-Google tools.
1
8
45
Threat actors spent decades pillaging global orgs for secrets and IP rel to software, semiconductors, pharma, biomed, aero, DIB, agro, energy, etc. What do you think they're working to steal today? What technology offers the promise of modernization and breakthrough capabilities?
0
0
5
If you need me I'll be in the Andromeda Galaxy
1
0
21
This is mostly correct, MCP is a standardized framework around api calls (that you likely implement yourself based on your remote interface). Back in 2023 when I first hooked up LLMs to custom tools that's exactly how I thought about it. Still I believe the industry itself will
0
3
29
One thing that is often overlooked, is that intrusion sets (esp for hifi attribs) must have qualified crime scenes. Not just connected data points floating in space, but the data must be grounded in compromised assets, or seen at positively identified victims of intrusion crimes.
1
1
8
@stvemillertime Debuggers on malware are like the old roguelike RPGs with no formal save game feature and perma-death. You are following a linear path through the dungeon avoiding antianalysis traps and collecting loot in the form of IOCs. The graphics are much worse than those old RPGs.
0
1
2
The thing is, I *have* to finish all the little side quests before I get back to the main quest line, or else I'll always be wondering how all those loose threads might've woven into the fabric of the bigger picture.
5
0
9
I am a big believer in @InsideStairwell's strategy and platform. Scalable file analysis has been historically out of reach for most orgs. Imagine if you could run YARA across all your files, pivot via metadata, understand prevalence, identify impacted assets, see timelines & more
2
1
8
I've heard from several folks that their orgs are using YARA for 'sweeps' across file and memory content for targeted endpoints. Whether the scanning is done on-host or off, I would guess this could be in support of IR, hunting, or for assets that can't run typical EDR products.
For GTI / VT enterprise users: Do you use YARA rules outside of VT? How do you use them? Is there something they can do that other things cannot?
0
0
18
For GTI / VT enterprise users: would you like the ability to do livehunt and retrohunt with Suricata rules, over pcap files (including sandbox, generated pcap)? Amongst many promising possibilities, what would you use this for?
3
3
19
Smarter is not always better. A tale about YARA and YARA-X heuristics and optimizations. https://t.co/DdAXbmUE1s
virustotal.github.io
Anyone who has used YARA knows that performance matters. When you're scanning large datasets or malware samples, even small inefficiencies can add up.
2
10
44
I think of the NFL as less of a "sport" and more of an unscripted reality show. The ups & downs, fights, drama, the underdogs, the heroes. Once you think of it as a reality entertainment, it becomes less about stats and winning, and more about stories of the human experience.
1
0
5
Interesting tool if you are looking for a complement to strings, stringsifter and floss. StrangerStrings uses a trigram-based scoring model to calculate probabilities of character sequences. https://t.co/62WH2iOzSD
2
61
207
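The tweet above describes the idea behind StrangerStrings: a character-trigram model that assigns probabilities to character sequences so that "natural" strings (API names, paths, messages) rank above high-entropy junk pulled out of a binary. The block below is an added, self-contained illustration of that technique written for this page; it is not StrangerStrings' code or model. The training corpus, the sample blob, the add-k smoothing constant and the length-normalised scoring are all assumptions chosen for the example.

```python
import math
import re
from collections import Counter

# Constructed training corpus (an assumption for this example): a handful of
# ordinary strings of the kind seen in benign executables. A real model would
# be trained on a much larger set of known-good strings.
TRAINING_CORPUS = [
    "GetProcAddress", "LoadLibraryA", "CreateFileW", "kernel32.dll",
    "C:\\Windows\\System32\\", "Software\\Microsoft\\Windows\\CurrentVersion",
    "http://www.example.com/update", "user-agent", "content-type",
    "error opening file", "invalid parameter", "connection closed",
    "This program cannot be run in DOS mode", ".text", ".rdata", ".data",
]

PAD = "\x02"   # boundary marker so the model also learns how strings start/end
ALPHA = 0.1    # add-k smoothing constant (assumption); keeps unseen trigrams > 0


def trigrams(s):
    """Character trigrams of a lower-cased string with start/end padding."""
    padded = PAD + PAD + s.lower() + PAD
    return [padded[i:i + 3] for i in range(len(padded) - 2)]


class TrigramModel:
    """P(next char | previous two chars), estimated from a corpus with add-k smoothing."""

    def __init__(self, corpus, alpha=ALPHA):
        self.alpha = alpha
        self.tri = Counter()      # counts of full trigrams
        self.ctx = Counter()      # counts of two-character contexts
        alphabet = {PAD}
        for s in corpus:
            alphabet.update(s.lower())
            for t in trigrams(s):
                self.tri[t] += 1
                self.ctx[t[:2]] += 1
        self.vocab = len(alphabet)  # vocabulary size fixed from the training corpus

    def logprob_char(self, context, ch):
        num = self.tri[context + ch] + self.alpha
        den = self.ctx[context] + self.alpha * self.vocab
        return math.log(num / den)

    def score(self, s):
        """Average per-character log-probability; length-normalised so long and
        short strings are comparable. Higher means 'looks more like training data'."""
        lps = [self.logprob_char(t[:2], t[2]) for t in trigrams(s)]
        return sum(lps) / len(lps)


def extract_strings(data, min_len=4):
    """Minimal 'strings'-style extractor: runs of printable ASCII >= min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def rank_strings(model, strings):
    """Return (string, score) pairs, most plausible first."""
    return sorted(((s, model.score(s)) for s in strings),
                  key=lambda pair: pair[1], reverse=True)


# Constructed sample blob (an assumption): two API-like names and one junk run,
# separated by non-printable bytes, plus fragments too short to extract.
SAMPLE_BLOB = (b"\x00\x01MZ\x90\x00LoadLibraryA\x00\x00x9#$qz@!\x00"
               b"CreateRemoteThread\x00ab\x00")


def demo():
    model = TrigramModel(TRAINING_CORPUS)
    return rank_strings(model, extract_strings(SAMPLE_BLOB))


if __name__ == "__main__":
    for s, sc in demo():
        print(f"{sc:7.3f}  {s}")
```

Note what the ranking is and is not: "LoadLibraryA" is in the corpus and scores highest, "CreateRemoteThread" shares many trigrams with it and lands in the middle, and the junk run scores lowest even though it contains no banned character. The model only knows what "ordinary" looks like; it does not know what is malicious, which is exactly why this kind of score is a triage aid for an analyst rather than a verdict.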
This is not shade, by the way. We're in our own messes, we're in other people's messes, we're sitting in this tepid sea of mistakes - and we're in it together.
1
1
11
Leaders will *always* bet on AI to solve technology debt, not only because it viably could, but also that's probs the easiest way to justify decades of bad investments & worse decisions. If it works they'll look like business gods & if it doesn't they can say AI isn't ready yet.
4
4
42
What should I spend my time digging into? Which data points are new and novel, which are rare and interesting, which ones are useless? I can't be expected to pivot on every little thing. Please do not show me data unless you help me understand it and empower me to act on it.
7
2
16
When I look at many security analysis platforms, I feel like I am swimming in an ocean of noise, without the ability to make decisions about what I am seeing. IPs and domains and extractors and files are great. But what do they mean? How can I tell what is useful and what is not?
1
3
24
One thing I continue to hate about most security tooling is that they often show me data without helping me understand what it means, with context to things like prevalence and relationships. *This* is not just the future of strings, but the future of analysis tooling.
QUANTUMSTRAND beta 1 released: built for analysts to quickly understand *where* strings are, *what* they might be, and *how* important they are, without getting lost in a sea of undifferentiated text. Thanks @m_r_tz and the crew at @Mandiant FLARE https://t.co/IKMi5fNM13
0
5
23