Jackson T.

239 posts

@Jackson_T

Tweets/views are my own.

@[email protected] Joined May 2009
463 Following, 3.5K Followers
Pinned Tweet
Jackson T. @Jackson_T
In this post, I discuss one key difference in the thinking between sophisticated adversaries and many of the red teams that try to simulate them, as well as what that means for tradecraft and tooling. jackson_t.gitlab.io/it-depends.html
Jackson T. retweeted
Matt Hand @matterpreter
I don’t really talk about personal stuff on here, but this is important. My daughter’s leukemia has relapsed. We’ve been admitted to the children’s hospital for treatment, but it’s going to be a long road. One of the potential courses of treatment is a stem cell transplant..
Jackson T. @Jackson_T
Efforts like this stimulate the thought that a threat to EDR efficacy more subtle than a malicious kernel driver is another (competing) event-driven system that supports progress on objectives through calculated CoA recommendations.
Jackson T. @Jackson_T
Pleased to see @SpecterOps onboard with shifting away from Human-Is-The-Loop decision making to approaches that can better empower operators in commercial red teams. We're all probably about a decade late to the party but better late than never. 😀
Will Schroeder @harmj0y

I know I haven't blogged for a bit, but I promise @tifkin_, @0xdab0, and I have been working on something cool! This is the first blog in a series on the problem set we've been tackling, leading up to what we've built to address it - "On (Structured) Data" posts.specterops.io/on-structured-…

Jackson T. @Jackson_T
Seeing things this way has implications on the design and development of platforms that enable product testing and decision support.
Jackson T. @Jackson_T
> Instead of thinking of the properties of procedures as having fixed values, consider them more like words in language, whose meanings can change depending on the context: “Time flies like an arrow. Fruit flies like bananas.”
Jackson T. @Jackson_T
There is something about this description of contextuality that deeply resonates with my understanding of the interactions between defensive and offensive procedures. I still think my understanding is limited, but consider the rephrasing of an excerpt from this article below:
Quanta Magazine @QuantaMagazine

In quantum mechanics, contextuality says that properties of particles, such as their position or polarization, only exist within the context of a measurement. quantamagazine.org/the-spooky-qua…

Jackson T. @Jackson_T
@jaredcatkinson @nas_bench @michaelbarclay_ From the "attacker" standpoint, it is interesting to frame a nebulous concept like stealth into the quantitative exercise of reducing surprise in the telemetry that defenders receive.
Jared Atkinson @jaredcatkinson
@nas_bench @michaelbarclay_ Completely agree. I like how he talks about it in the context of “surprise reduction.” The idea that we have expectations and when we face uncertainty we want to make the choice that minimizes the probability of surprise is quite nice.
Jackson T. @Jackson_T
@vysecurity Both are important. But self-reflecting on which of those two drives subjectively rank as fundamental can indicate something about mindset.
Jackson T. @Jackson_T
@vysecurity Another way to phrase it is: What tends to drive the search process toward an outcome? Is it driven by the study of technology in an environment or by the study of how desired information flows?
Jackson T. @Jackson_T
One can tell how a red team operator thinks by which word in "information technology" they put most weight on in steering their engagement activity.
Jackson T. @Jackson_T
“The greatest goals are achieved through minor but continuous ekkedt [sic: effort].” This quote from Anatoly Dneprov's thought-provoking short story, "The Game" (1961) has resonated with me lately. hardproblem.ru/en/posts/Event…
Raul • 𝖙𝖍𝖊𝖌3𝖓𝖙𝖑3𝖒𝖆𝖓
I always think about these IR reports that are published and wonder what if they really didn’t eradicate the TA out of the network…..I always think about that in the shoes of a Blue Teamer that would be quite a common thought in my head
Jackson T. @Jackson_T
Anyone else using Ross Ashby's "Law of Requisite Variety" as a way to frame their understanding of attacker-defender competition?
shubs @infosec_au
Last year, @Jhaddix, @bscarvell, @seanyeoh and I found a pre-auth RCE in Oracle Opera - CVE-2023-21932. This product holds the PII of every guest (including credit cards 😱). It's used by almost all of the big hotel/resort chains around the world. blog.assetnote.io/2023/04/30/rce… - 1/4