There's a lot of confusion around what actually happened with #Kaseya. We initially thought Kaseya was popped leading to a supply chain attack with a malicious update. However, if it's an 0-day on Kaseya VSA software then it's not a supply chain attack at that point... #Pedantry
BUT! If popping VSA with an 0day leads to compromise of an MSP and their customers are subsequently hacked, that would constitute a supply-chain attack. (Early reports suggest as much) #Pedantry
If you need an easier short-hand for this whole incident, 'clusterfuck' will do.

More from @juanandres_gs

31 Dec 19
Ok, I have to admit this @Apple vs. @CorelliumHQ business just doesn’t sit right with me. Let me @ @tim_cook and pretend to have some meaningful engagement regarding Apple’s larger security dilemma. #Thread
Everyone knows I’m a huge Apple fanboy. Until the cheese grater Mac Pro came out, I more or less had one of every apple product in my house (with some wiggle room). While I may gripe about missing function keys, there’s no system I’d rather use than MacOS and iOS.
I’ve also, at diverse points in my career, had the privilege to report ongoing APT campaigns directly to Apple alongside colleagues (h/t @craiu) and was treated kindly by folks invested in securing the Apple ecosystem within the means available to them.
29 Oct 19
Now that we’ve had some time to reflect, let’s break down the @NCSC & @NSAGov Turla advisory #thread ncsc.gov.uk/news/turla-gro…
1st point is that we (private sector threat intel researchers) mistook the provenance of Neuron and Nautilus. NCSC's previous advisory denounced the use of both tools alongside Turla's staple rootkit and we assumed new tools from the Turla devs but it seems they'd been stolen.
Keep in mind that the advisory is hinting at some dev access, some infrastructure access, but perhaps not complete access to Iran's full operational stack. Turla first deploys the tool to their rootkit victims for testing and further functionality.
26 Mar 19
Those non-existent norms were originally shattered by Flame subverting the actual Windows Update mechanism via an unheard of md5 collision to impersonate signing certs (implemented in its GADGET module).
For the curious:
@alexsotirov 's slides on the MD5 collision in Flame: speakerdeck.com/asotirov/analy…
And Kaspersky's analysis of the GADGET module:
securelist.com/gadget-in-the-…
Flame really doesn't get the credit it deserves as the first public harbinger of so many trends we'd come to know all too well in cyberespionage over the following 7 years.
23 Dec 18
It’s surprising how often folks mistake familiarity and expertise with one area as competency in a field writ large. This happens often in the vuln-dev vs AVs/TI debates, the ‘if you’d only used Chrome’ camp, and ‘experts’ vs the people debates.
It’s usually not worth engaging, however, I think it’s important to counteract myopic views that may affect effective recruitment in infosec writ large.