Can't attend the #CTISummit live? Check out this thread of AMAZING graphic recordings by @mindseyeccf of various talks. Video recordings and slides will be available if you register here: sans.org/event/cyber-th…


More from @likethecoins

11 Jan
A brief thread on the @CrowdStrike blog on SUNSPOT...as I read it. This confirms CrowdStrike was one of SolarWinds' IR firms, which we'd heard rumblings of before.
Why do I talk about naming things so much? This is why! CrowdStrike DOES NOT CALL THE ADVERSARY A BEAR. They call this an activity cluster named StellarParticle. This is important. It's also important to note that this is a different name than Solorigate...
Choosing their own name was a good analytic decision by CrowdStrike because they control what is defined as StellarParticle. So what I would say is that StellarParticle and Solorigate overlap, but they are clusters tracked by two different companies. (see )
Read 20 tweets
10 Jan
I've been trying to process the Capitol riots for days. @nytdavidbrooks' Friday commentary helped me work through what I feel. He noted how the Capitol is usually treated with reverence. That's how I acted when I was there. I spoke quietly and took time to reflect...
...on what the building and our democracy mean. To see rioters completely disregard and disrespect that disturbs me on a deep level. It felt like the low point of a slow decline of our democracy over the past 4 years. It felt surreal and like it wasn't the country I know & love.
I mourn the lives lost and wish their loved ones peace. I also mourn how far our democracy has fallen. We've all watched as it's happened, little by little, and I personally have felt helpless, even as I tried to take small actions.
Read 5 tweets
10 Jan
Organizing thread! As I clean up my office, my latest project has been organizing stickers. Several got ruined because they were so disorganized. ☹️ I started with some drawer organizers I had, thinking they'd work...then I realized there was so much wasted space on the shelf!
I've been on a "drawer" kick, so I ordered another set of small drawers that I previously got to organize hardware/screws. Voilà! So much better! I like to use dry erase markers first, then live with it for a bit before making permanent labels. Oversized stickers go on top.
Of course, my methodology (h/t @thehomeedit) was to take all my stickers out and then categorize them. I quickly discovered I have a "reserve" collection of special stickers I want to hold on to.
Read 8 tweets
23 Dec 20
I'm generally a pretty positive person, but it's Festivus, so let's blow off some steam and air our #threatintel grievances. Threat intel feeds are just data feeds, they're not threat intel. Please stop naming groups after malware, it's confusing AF.
Nation states are not countries. CC @cnoanalysis en.wikipedia.org/wiki/Nation_st…
If you use fear, uncertainty, and doubt to sell things, you are a GRINCH and please stop.
Read 19 tweets
18 Dec 20
A threat of thoughts + actionable detection ideas from the latest Microsoft #Solorigate post...microsoft.com/security/blog/… ... this is a sweet diagram and hopefully helps make clear the different ways you could be impacted. Not every victim makes it past initial C2.
I think a lot of this we already knew, but lmk if there are nuggets in here that popped out.
Another super helpful explanation of the DGA C2 domains. I love the MS graphics people.
Read 14 tweets
16 Dec 20
Happening NOW! You can still join us here, and I'll be live-tweeting what @Robert_Lipovsky and @adorais share. sans.org/webcasts/star-…
.@Robert_Lipovsky kicking off with something I believe as well...crimeware is a greater threat to most orgs than state-sponsored threats. Even this week!
Many cyber crimes involve different jurisdictions - rarely is adversary infrastructure all in the same country, so law enforcement and private industry have to cooperate globally.
Read 28 tweets
