Threat Hunting: breaking the habit of talking about 'unknown unknowns' like you know what it means. Part 2.

If you landed here without reading Part 1 of this article, I recommend you head there and give it a quick read ;)

Blind Threat Hunting?

Let’s continue where we left off. The cyber security industry largely regards Threat Hunting as the art of seeking threats that we don’t know we don’t know (unknown unknowns). An example of this would be the activity of a threat actor that has dwelt in your network for months, exfiltrating data and disseminating back doors, unknown to your cyber team and avoiding the vast majority of your security controls....

July 8, 2022 · 7 min · Diego Perez @darkquassar

Threat Hunting: breaking the habit of talking about 'unknown unknowns' like you know what it means. Part 1.

“I seem, then, in just this little thing to be wiser than this man at any rate, in that what I do not know I do not think I know either.” (Socrates)

“I only know one thing: that I know nothing.” (Socratic Paradox)

In the same way that we hunt for cyber threats, we should strive to hunt for our own biases, which are also threats. These biases are usually encouraged and sedimented by the cyber industry....

July 7, 2022 · 6 min · Diego Perez @darkquassar

Oh yeah, I've got a new thing going on

It seems like ages since I wrote something that wasn’t shitty and boring. Some people on Twitter remind me every now and then of the fresh narrative style I like so much by linking to old articles that a Diego with more time and enthusiasm enjoyed writing! Apparently my small and humble research on WMI Persistence (which was only possible because it stood on the shoulders of giants) back at the beginning of 2018 was somehow useful to people....

July 29, 2021 · 3 min · Diego Perez @darkquassar