Bryan Austin

The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at github.com/mandiant/flare…. Launched with: - Malware Analysis Crash Course - Go Reversing Reference - Intro to TTD

5 SIEM rules I actually use every day in production (and why they work) I triage 200+ alerts daily in my remote SOC role. These 5 rules have cut my false positives by ~40% and caught real threats. Thread 👇 #SOC #BlueTeam #SIEM

The evidence is clear, this is not a Tomahawk Iran alleged that an American Tomahawk Cruise Missile hit a school (buried in an IRGC compound) in southern Iran, killing 165 people. Analysis of a newly released video tells a different story. ANALYSIS: A-I analysis confirms the wings of the munition in question sit about 40%-45% down the body of the munition. On a Tomahawk, the wings sit roughly 49%-50% down the body of the munition. The wing to body ratio of the munition in question matches an Iranian Kh-55–derived Land Attack Cruise Missile. Further, the video shows the munition in a steep dive angle for the final attack phase. This places the attack angle at approximately 70%, which is the max attack angle for a Tomahawk. The attack angle does not match the KH-55. That angle maxes out at about 55 degrees. So what would have caused this? CONCLUSION: The wing positioning alone makes the munition impossible to be a Tomahawk. The attack angle is at the max of the Tomahawk's capabilities. The typical attack angle for a Tomahawk is much lower than 70 degrees. The typical angle is between 20-45 degrees. This is due to the flight pattern of Tomahawks. They fly very low horizontally to the ground, often only 50-100 meters AGL to avoid detection and interception. In order to achieve that attack angle, the missile would have had to gain altitude several kilometers away, this would leave it vulnerable for interception. This is highly unlikely on the first day of US attacks. So what could have caused this? Simply put, GPS jamming of an Iranian KH-55. The USA and Israel were, and continue to actively jam the Iranian airspace. If the KH-55's signal was jammed, this could result in an uncontrollable dive. Think of GPS jamming more like disorienting the missile. On 03/07 President Trump stated: “No, in my opinion, based on what I’ve seen, that was done by Iran.” Today, I concur with the President.

I want to share a quick thought for people in cyber security. This will be my longest tweet ever. I’ve spoken to many lately who are having an existential crisis from the constant posts about “the end of cybersecurity jobs.” Yes, things are changing quickly. This is a significant moment for the tech industry. Change can be uncomfortable. But we’ve seen cycles like this before. • When GitHub and open source took off, people said software engineers would disappear because code was free. • When AWS and cloud computing emerged, people said infrastructure jobs would vanish. • When fuzzing and SAST tools improved, people said vulnerability research would disappear. • Virtualization would eliminate infrastructure jobs. • Mobile computing was going to end desktop dev. • Exploit mitigations would end exploitability. It didn't. Each time automation improved, the amount of software grew faster than the automation. It does feel "different" this time as it's explosive. Some roles will shrink: • repetitive pentesting • basic vulnerability scanning • tier-1 SOC monitoring But other areas are expanding rapidly: • AI system security • supply chain security • identity architecture • autonomous agent security • critical infrastructure protection Historically, every time we eliminate one class of bugs, new classes emerge. Right now people are vibe-coding entire systems, giving AI access to their machines, crossing trust boundaries, and deploying autonomous agents with excessive permissions. The legal and regulatory world is nowhere close to ready. There will absolutely be new failure modes. Humans are amazing and always adapt, finding new ways to do things. The worst thing you can do right now is fall into a doom loop. ...and I’ll be honest, I too have felt the "psychological paralysis" a few times thinking, “Is this time different?” It's especially impactful when it comes from someone I respect in the community. There are certainly unknowns, in an industry where we've become accustomed to predictability. But... the majority of those reactions are usually driven by social media, not reality. Platforms like X reward engagement, and sensational doom posts spread faster than measured thinking. If you see something like: “Holy #$%^! Opus 66.6 just found every bug in Chrome and replaced 50 startups!” …mute it and move on. Instead: Stay curious. Learn the new technology. Adapt your skillsets. Build things. We’ll get through this transition the same way we always have. If I'm wrong then Sam Altman better be right about UBI! :) I'm sure that if this tweet gets any engagement that I'll get some heat for it, but a good friend of mine reminds me often to focus on what you have control over. I'll revisit this tweet at DEF CON 40!

@NYCMayor Killing. Civilians. Ok. So IRGC hits an elementary school and tries to blame the US and Israel, kills around 35,000 civilians trying to protest for rights in the span of a couple weeks, and the same civilians celebrating in the streets and this is your hot take? You are an idiot.

Today’s military strikes on Iran — carried out by the United States and Israel — mark a catastrophic escalation in an illegal war of aggression. Bombing cities. Killing civilians. Opening a new theater of war.  Americans do not want this. They do not want another war in pursuit of regime change. They want relief from the affordability crisis. They want peace. I am focused on making sure that every New Yorker is safe. I have been in contact with our Police Commissioner and emergency management officials. We are taking proactive steps, including increasing coordination across agencies and enhancing patrols of sensitive locations out of an abundance of caution. Additionally, I want to speak directly to Iranian New Yorkers: you are part of the fabric of this city — you are our neighbors, small business owners, students, artists, workers, and community leaders. You will be safe here.

@TalibanTYB @WarMonitor3 So they can hold the camera while the other ones yell world star.

@WarMonitor3 Trump is scared 😭😭😭😭why do they need this many jets !??????

US airforce F22 raptors have just taken off from RAF Lakenheath and are heading towards the Middle East.

If you've been laid off by the Washington Post this week and have any questions re: digital security, please email me on runa@granitt.io. I'll help you pro-bono for the rest of the month.

I’ve been quiet on here for a while, but I am currently in the job market. If anybody is looking for a consultant for threat intelligence, SOC ops, incident response, or social engineering please reach out to me. If you know of a position in any of those areas, I am happy to chat

@xray_media @sentdefender You can’t fault NORAD on a lack of shoot down. Wooden sleighs pulled by reindeer are a very small radar signature for lock on. Merry Christmas!

@sentdefender Trump's "Golden Dome" shield? A Christmas hypersonic breach proved it's vaporware. Same F-22 scramble as 2023, but now with a $175B price tag—and $3.6T reality. Taxpayers bled dry for contractor fantasies while threats fly unchallenged. Demand accountability now.

The North American Aerospace Defense Command (NORAD) has reportedly detected an “unidentified high-altitude, hypersonic contact” approaching U.S. Airspace from the direction of the Northern Atlantic, with F-22 Raptors being scrambled from Langley Air Force Base in Virginia.

Apparently if you’re right-brained you see a rabbit, if you’re left-brained you see a turtle. What do you see

@HLC_actual If Brandon Herrera is elected to office, I may have to move to Texas. Good hunting, sir and I look forward to seeing you bring leadership and actual common sense from people who live and work in your state to Washington!

I know Brandon personally and I have never met such a genuine man. What you see is what you get. It boggled my mind why someone with so much going in life would want to volunteer to be slandered and drug by the establishment in this election. I had to ask him and when I did the answer was simple “the more I learned about our rep the more I realized he was wrong for us, someone had to step up and change that.” He is a man of conviction who cares about Texas.

@AngryCops @UnsubscribeCast I am by no means encouraging people to start bombarding city school systems with FO request or to report members of the city school legal department to the New York Bar Association… that would be crazy. buffaloschools.org/o/dept-legal/s…

@JackRhysider I have heard from somewhat reliable sources that versions of it are available on torrent sites, and there were even updates. Of course, that could never be quite accurate…

It's interesting. A lot of you mentioned reading the Anarchist Cookbook as a kid. This has become a very rare book. Ebay has banned it, so you can't find it there. And when I look at places that do sell it, I can't find any for under $300.

@lucidic @vxunderground Are you talking about Chris Krebs or Brian Krebs?

@vxunderground krebsonsecurity.com/2025/03/how-ea… that might be why.. love him or hate him he does have some really good leads on stories

Today Donald J. Trump signed a Presidential Memorandum revoking any active security clearance held by Chris Krebs and his associates. This includes SentinelOne in totality. More information: whitehouse.gov/fact-sheets/20…

@J0hnnyXm4s Can you hack my ex’s my face and email accounts? Or: can you teach me hack?

I’m in a 13-hour flight; AMA Wrong questions only

@qwertymodo @vxunderground @donttrythis That’s getting added to my email signature line and in signs EVERYWHERE in my shop…

@vxunderground Awhile back, @donttrythis did a video where he toured a makerspace and they had a sign up that said "don't make me make a rule" and that's become my official "rule #0" every time I'm in a position to use it since.

Someone from India has been doing mass downloads from our virus exchange (in the millions) 1. My dude — we allow bulk downloads from our main website. 2. Don't make us impose API limitations

Where has this been all my life?

@infosecspy Is… is that Nimh or An American Tale in the background?

@redqueendyn @Liz_Steiner01 I was offered candy and coffee...

How did you get Phished? @Liz_Steiner01 once clicked an email that was "from" school HR about her invoice - and compromised the entire system over the summer. #checkthesender #closingtheliddoesntfixit

@ArthurianRed @SecureWVCon As an Appalachian I feel both seem and called out…

While @SecureWVCon I found a wrench in my pocket that was there from some maintenance I did at home this week. Feels emblematic if the cybersecurity/Appalachia intersection.