David J. Bianco

Are you maximizing your use of IOCs? Use the Pyramid of Pain to find out! goo.gl/Fwc08

I read the bill's text. It doesn't actually stop sharks from eating fish. Instead, sharks must yell "You been SHARKED!" before eating, hoping to embarrass them into changing behavior.

Big thanks to @likethecoins and SANS for having the #PEAK #ThreatHunting team (@letswastetime and @iknowuhack) on their livestream today. What a fun conversation, and excellent audience questions too! If you missed it, catch the recording at buff.ly/4iGANqR

@InfoSecSherpa @iknowuhack @letswastetime Thank you! It was a heck of a night last night.

@DavidJBianco @iknowuhack @letswastetime Congratulations!

I'm honored to share this SANS Difference Makers Award with my #PEAK #ThreatHunting framework co-authors @iknowuhack and @letswastetime. Thank you to everyone who voted for us and also to everyone using PEAK around the world!

@jamieantisocial @audrastreetman @letswastetime @iknowuhack Thanks, Audra! I hope you know when I thanked the entire team I was mentally including you as well. So thank you!

@audrastreetman @letswastetime @DavidJBianco @iknowuhack ❤️💪🥂🥳

Everyone's looking at the sky, seeing things they never noticed before, getting quite alarmed. Just like a new SOC analyst. Everything's an anomaly if you look at it long enough.

So excited for tomorrow's Difference Makers Awards. I'm nominated in the "Innovation of the Year" category with my #PEAK #ThreatHunting Framework coauthors @iknowuhack and @letswastetime, and in the Team category for my entire #SURGe family. buff.ly/4izlxfr

@JoelEsler Thanks, I did that already. Neither support x86_{32,64} running on ARM processors. Apparently, QEMU *might* be able to do it, but at such a substantial emulation penalty that the performance of the VMs makes it pointless (at least, according to those who have tried it).

@DavidJBianco May want to double check

I had to replace my aging Intel MacBook Pro with something newer, but also x86. I first tried Linux (which, it should be noted, I've used an administered for > 30 years counting prior UNIX). (1/2)

@JoelEsler Nah, last I checked, neither allows you to run x86 guest VMs on ARM hosts.

@DavidJBianco I'm confused. VMware and Parallels both do. What am I missing?

@NickSmi59531224 Yes, but (for example) "forgot to patch X" results in an exploit which is just one step. If it's initial access, you don't stop there; you must still take other steps to achieve your goal. If it was later in the cycle, there were other steps ahead of it.

@DavidJBianco I mean... Sam curry has dozens of talks on just getting lucky on dumb things. Most security i feel is getting lucky on dumb things. Forgot to patch X. Accidental wild card, accidental cred leak, etc. Usually it's the simple that causes issues in my experience.

I don't mean to be rude, but if you're out there talking about the Defender's Dilemma and how the #BlueTeam needs to be perfect everywhere and attackers only need to "get it right once", it just tells me that you don't know what you're talking about. #cybersecurity

@gleeda @furt_tech Sadly, "victim org doesn't have a security team" is common, but it doesn't mean the Defender's Dilemma is true. It just means they don't have defenders. There are still detection and intervention opportunities, even if the org isn't prepared to exploit them.

@DavidJBianco @furt_tech Most of our customers don’t have security teams. Tons of small businesses don’t. Lots of open RDP, bad configs, and other low hanging fruit. They don’t fit your model laid out here.

@furt_tech I'm struggling to think of many scenarios where the attack was only a single event. Maybe I'm showing my Fortune 500 bias, but most orgs with security teams should be beyond the script kiddie phase.

@DavidJBianco I am gonna step in to disagree with you on this one and point out the thousands of occasions where a skiddy with a simple vulnerability destroyed entire corporations. But i probably dont know what im talking about so...

@slobtresix0 If the attacker is never detected throughout their entire lifecycle, they got it right a bunch of times, not just once.

@DavidJBianco 100 percent this, but also, stating all your absolutes based on what is detected and ignoring the reality of adversarial operations that generate no detections...

@Kostastsale Yeah, I've done a few talks about it, and also published this last year: techcrunch.com/2023/02/07/cyb…

I wrote a blog about this topic a long time ago because I was tired of arguing with some people about this nonsense. kostas-ts.medium.com/busting-the-my…

@DomainTools @NicoleBeckwith @BSides_NoVA @bapril @kyleehmke @MalwareJake @th3_protoCOL @Jhaddix @SwiftOnSecurity @TipsyBacchus @HackingDave @ANeilan That's very kind of you, thank you!

Continuing #NationalGratitudeMonth! Thanks for all you do for the community @NicoleBeckwith, @BSides_NoVA, @DavidJBianco, @bapril, @kyleehmke, @MalwareJake, @th3_protoCOL, @Jhaddix, @SwiftOnSecurity, @TipsyBacchus, @HackingDave, @ANeilan

There's nothing like a good data breach to remind you of all the subscriptions you forgot about.

🔎 Join us at the 2025 #CTISummit & Training where you'll hear from #CTI experts & have the chance to take FOR572, led by @DavidJBianco! This course teaches you to analyze network artifacts, improve #IncidentResponse effciency, & more. → Learn more: buff.ly/48Dku9K