It is really important, in infosec and natsec, to understand if your adversary is making a tactical or a strategic choice.
For instance, why are they moving laterally? Is it because they just aren’t able to get their tool to run, or because they know exactly what system they want to reach on your network?
Is the immediate attack a distraction, or is it the point?
Good analysis and Intel is very important, for this reason. Not just a bunch of IOCs. Real operational understanding and intelligence.
If you do not understand the difference between tactics, strategy, and logistics I highly, highly recommend you read up on this. It’s one of those military concepts that really does apply to cybersecurity and business.…

Keep Current with Lesley Carhart

More from @hacks4pancakes

12 Jan
We aren’t going to just forget that one of “ours” in our professional community enabled the events of the past week, are we? What ended up happening to this chucklenuts?
I think about this genius a lot.
Knowing infosec I’m legitimately scared he still works there, has faced no real consequences, and I’ll see him on the board of a con in two years.
12 Jan
I know I am not the first one to say this, but there are a lot of very well credentialed people in tech worrying what would happen if internet giants collectively de-platformed a group who isn't right wing, while totally erasing the fact that it already happened to sex workers.
(Which is not a reason not to worry about the power that internet giants and infrastructure provide and the ethical and legal complications. Just stop erasing an entire group of people, many of whom have suffered horrible abuse or worse as a result.)
If there was one thing I was brought up wrong about even by a relatively liberal, non-religious family, it was what sex workers go through each and every day, and how unfairly persecuted they are. I regret not knowing that sooner.
11 Jan
I am so tired of conspiracy theories about
1) Nationwide blackouts
2) Nationwide internet takedowns

It's like suggesting somebody is going to simultaneously unscrew every screw of varying sizes and types in your home.
Neither of those things is happening in modern times without a nuke or an asteroid.
Also, the "national blackout" wet dream conspiracy theory is about the lamest one I can possibly think of - grow some post-apocalyptic creativity. Places all over the world do fine with unstable power. I think of 11 more interesting ways to destroy civilization by breakfast.
10 Jan
We live in wild times. Absolutely unbelievable, what’s happened in the span of one week. So much precedent being set, too.
I find the Parler takedown especially fascinating. Yes, there’s schadenfreude because many awful humans are using it to hurt people, but it is also a glimpse into all the logistical and technical elements that make a modern social site “go”, who can cut them off, and how fast.
We watch malware site and infrastructure takedowns all the time, but those are often LEO backed and not normally like, web presences with MFA and legitimate payment processing.
9 Jan
I would pay very serious and close attention to Mr. Nance. He is an eminently credible expert and I trust his judgement. Review your physical security plans at offices and data centers.
The safety and security of your people comes first. How are they protected, and how can they be rapidly evacuated or shelter safely in place? Have they recently drilled fire and active shooter scenarios? Is it essential they be on site?
After that, consider your disaster recovery, data security, and redundancy planning specific to physical attacks. What happens if there is major damage to a single data center or its links? Have these plans been reviewed and adjusted since the pandemic impacted operations?
9 Jan
Many many tweeters who think Parler is down because of App Store removal, and also that that somehow violates their 1st Amendment rights.

Clarification: both of those things are untrue.
Removing an app from the store simply makes it unavailable to download or update. The first amendment protects Americans from government suppression of free speech. Thank you for coming to my TED talk.
Twitter could change its TOS to ban all mention of pancakes, and promptly ban me for no other offense.