1.3K posts

Chris King (@[email protected])

@armengar

Recovering security researcher, vul disclosure nerd, DFIR, CTI, manager, loves hacking all the things. [email protected]

Katılım Şubat 2009

1.1K Takip Edilen336 Takipçiler

Chris King (@[email protected]) retweetledi

Chester Le Bron@123Le_Bron·28 Tem

I am back with a new blog mini series. This is for any of my Incident Response folks or people who need to secure their AWS environment but are still mostly new to it. Or anyone who believes investigating on-premises is the same as the cloud. #AWS #TDR chesterlebron.blogspot.com/2025/07/arent-…

English

5.8K

Chris King (@[email protected]) retweetledi

Florian Roth ⚡️@cyb3rops·16 Nis

Ah 👀 thecvefoundation.org

Florian Roth ⚡️@cyb3rops

MITRE announced on April 15 that their CVE contract ends on April 16. That timing alone raises some questions. The language in the message feels very deliberate: “We’re committed,” “considerable efforts,” “if a break were to occur” – while they know a break will happen the next day. That’s not just unfortunate timing. It looks like controlled messaging, maybe even a pressure move. CVE isn’t some massive budget item. It’s a lightweight system with probably a small core team and some automation. I’d guess a handful of full-time staff, not dozens. So cutting this - of all things - doesn’t really look like cost-saving. If the goal was to send a message about funding or contract uncertainty, they picked the most visible and disruptive program. And it worked – everyone’s paying attention. It’s worth noting that MITRE owns the CVE and CWE trademarks. Even if someone else takes over, they’ll still be operating within MITRE’s legal boundaries. All in all, this looks less like a necessary budget cut and more like a strategic decision to generate visibility and urgency. Hard to read it any other way.

120

427

68.3K

Chris King (@[email protected]) retweetledi

Andrew Morris (afk)@Andrew___Morris·31 Eki

Today we're releasing details of how our AI, Sift, stole a 0day in an IP Camera and we reported it and got it fixed. To reiterate- we did not develop the vuln. 1st blood is overrated. I'm all about 2nd blood. Marketing blog here: greynoise.io/blog/greynoise… Grimoire blog below:

English

16.3K

Chris King (@[email protected]) retweetledi

CYBERWARCON@CYBERWARCON·29 Eki

We're excited to introduce Kyle O'Meara, a cybersecurity veteran with 18+ years in threat hunting & adversary tracking. 👏🏻 From the NSA to Dragos, Kyle has been at the forefront of critical cybersecurity efforts. 🙌🏻 See y’all soon at #CYBERWARCON! cyberwarcon.com

English

943

Chris King (@[email protected])@armengar·12 Eki

@FrankMcG I’ve seen this in academic circles such as heinz.cmu.edu/programs/execu…

English

Frank McGovern - INACTIVE@FrankMcG·11 Eki

Posted this across several socials and got roughly the same answers. There aren’t really many of these types of training. And this speaks heavily to why we have so many problems in this industry. Too much training on tactical, niche, technical things and not enough strategic.

Frank McGovern - INACTIVE@FrankMcG

Looking for training that is about security strategy or enterprise security or architecture or similar concepts. Not SANS or Black Hat pricing but similar to some courses they have. Where have you gone or heard of that is offering this type of classroom training?

English

5.6K

Chris King (@[email protected]) retweetledi

Steve Christey Coley, BS 🐀@SushiDude·29 Eyl

25 years ago on Sep 29, 1999, MITRE announced the CVE Initiative. There's too much to say, so I'll be brief. CVE was not possible without a concerted, mostly-voluntary, community-wide effort. It's accomplished a lot, but it's daunting to see how much still needs to be done...

English

7.5K

Chris King (@[email protected])@armengar·24 Ağu

@Andrew___Morris Ah well…worth a guess. I’ve been to probably every Irish pub in the DMV and it looked familiar

English

Andrew Morris (afk)@Andrew___Morris·24 Ağu

@armengar i am not at O'Sullivans

English

Andrew Morris (afk)@Andrew___Morris·24 Ağu

i just be at the bar tweeting

English

2.2K

Chris King (@[email protected]) retweetledi

Chester Le Bron@123Le_Bron·13 Ağu

Finally got around to finishing my first blog post. If you are doing AWS detection engineering, you may find this useful. chesterlebron.blogspot.com/2024/08/my-met…

English

2.9K

Chris King (@[email protected])@armengar·7 Ağu

@NicoleBeckwith @c_APT_ure This has been sorely needed!

English

192

Nicole Beckwith@NicoleBeckwith·7 Ağu

Yesterday myself and a dedicated community of CTI professionals from around the globe launched the new cyber threat intelligence capability maturity model (CTI-CMM). This is truly a labor of love from us because we care about the future of CTI as an anchor inside cybersecurity teams. This free resource is open for everyone at cti-cmm.org where you can download it. The individuals called out in the document gave countless hours to help make CTI more accessible and I had the honor of working with and getting to know more about. Go check it out and go follow @CTIcmm for content updates and releases.

English

181

16.9K

Chris King (@[email protected])@armengar·6 Ağu

If you are at BH on Thursday - be sure to watch my amazing teammates Rushank and Ryan present on how they broke Immutable Backups: #are-your-backups-still-immutable-even-though-you-cant-access-them-39135" target="_blank" rel="nofollow noopener">blackhat.com/us-24/briefing…

English

Chris King (@[email protected])@armengar·19 Haz

cbtnews.com/how-to-improve… 🤔 @GuyDealership

QME

Chris King (@[email protected])@armengar·22 May

@SwiftOnSecurity Look at spur.us they have an excellent dataset.

English

251

SwiftOnSecurity@SwiftOnSecurity·21 May

Do you have weird tricks on detecting malicious remote staff using residential proxy frontends?

English

37.2K

Chris King (@[email protected]) retweetledi

Justin Elze@HackingLZ·17 Nis

Caleb Gross@noperator

@N805DN @HackingLZ because this: security.paloaltonetworks.com/CVE-2024-3400#…

ZXX

104

66.3K

Chris King (@[email protected]) retweetledi

GreyNoise@GreyNoiseIO·15 Nis

🚨 We're tracking new 0-day RCE CVE-2024-3400 in Palo Alto Networks PAN-OS 10.2-11.1 allowing unauthenticated root access in certain configs, check out the blog for more details. greynoise.io/blog/cve-2024-…

English

146

17.7K

Chris King (@[email protected])@armengar·28 Mar

@GergelyOrosz @_ontologic It’s closer to 10 years old, started at Google as their BeyondCorp model before getting generalized. paper on it: research.google/pubs/beyondcor…

English

Gergely Orosz@GergelyOrosz·28 Mar

@_ontologic Defense in depth as a strategy also popular. Zero Trust has only been around for a few years AFAIK! (But I am not an expert) At least this was published in 2020: csrc.nist.gov/pubs/sp/800/20…

English

3.8K

Gergely Orosz@GergelyOrosz·28 Mar

Learning about Zero Trust as a security model: and I really dig it. The idea is that you treat all users like they were external users. You don't grant additional privileges (or skip security checks) for internal users. Simple. Powerful! (The devil in the details of course!)

English

512

86.6K

Chris King (@[email protected]) retweetledi

SpecterOps@SpecterOps·13 Mar

In his latest blog, @harmj0y unpacks one specific use case for large language models in the security domain & announces RAGnarok, a proof-of-concept local chatbot frontend, for Nemesis. Check out the post to learn more! ghst.ly/4acetAw

English

6.3K

Chris King (@[email protected])@armengar·28 Şub

@ImposeCost This is something we talked about at CERT/CC a few years ago. We had the benefit of being a non-profit and the thought was the donation of a vulnerability would be tax deductible based off the value. Lawyers didn’t think it would past muster in current law

English

Chris King (@[email protected])@armengar·22 Şub

@nas_bench Continuous testing of every rule where possible, with adversarial test cases, based off threat intel

English

106

Nasreddine Bencherchali@nas_bench·22 Şub

For detection engineers out there here is a question for you. If you see a new technique or tool how do you answer the following questions. Do i have coverage? If not, then do I need a rule or should I update an existing rule that claims that it covers such technique / procedure? Rules hygiene is one of my biggest concern in DE. One of the hardest things I learned by maintaining SigmaHQ is the answer to the above is very hard without a full overview of your rule base.

English

16.9K

Chris King (@[email protected])@armengar·22 Şub

@Andrew___Morris @GreyNoiseIO Welcome to the great game. Paging @zmanion

English

118

Andrew Morris (afk)@Andrew___Morris·22 Şub

now that I get to work with computers again I'm writing a new GN vuln API that gives our customers the ability to quickly grab the list of all the vulns we've observed being exploited in the wild and I have a whole new appreciation for how FUCKED vulnerability ontologies are

English

8.3K

Keşfet

@FrankMcG @Andrew___Morris @NicoleBeckwith @c_APT_ure @CTIcmm @GuyDealership @SwiftOnSecurity @GergelyOrosz