Michael Cloppert

I think of analysis as art and science: art in formulating questions and assessments; science in finding answers and validation.

If you use "AI agents" (LLMs that call tools) you need to be aware of the Lethal Trifecta Any time you combine access to private data with exposure to untrusted content and the ability to externally communicate an attacker can trick the system into stealing your data!

Do you know someone just starting their career in #CTI located in the Czech Republic? If so, please share this job posting with them to join our awesome team defending PwC's global network! (no, we cannot hire for this role outside of CZ) pwc.wd3.myworkdayjobs.com/Global_Campus_…

Looking for an early career professional in AU interested in joining our #CTI team! Prior exp in CTI not necessary, technical background is. pwc.wd3.myworkdayjobs.com/CRM_Experience…

@markjx01 @ImposeCost Wow that was a long time ago but I definitely remember writing that fork. Very helpful back in 1999 (? I think ?) when AIM was how everyone communicated who wasn’t on IRC (aka less tech friends of ours).

@ImposeCost I hacked an IM aggregator with @mikecloppert so that you could send messages to people that were offline (it would queue and send when they came back online) We need aggregators for Teams, Discord, and Slack...

Although I cannot vouch for its complete accuracy, this is an incredible piece of work mapping relationships b/w every major ransomware group. github.com/cert-orangecyb…

🌐🤝@CISAgov & global partners join forces to unveil Joint #Cybersecurity Advisory on Russia's FSB-backed 🐍 "Snake" Malware - a highly sophisticated cyber espionage tool. Arm your organization with our extensive 50-page advisory & stay protected!🛡️ cisa.gov/news-events/cy…

“The pursuit of knowledge is hopeless, and eternal.” - Futurama. Thomas Kuhn would strenuously agree.

@_whatshisface @likethecoins @sansforensics @MITREattack Agreed 100%. This is a variant of the false dichotomy fallacy, good to see the audience identify it as such. All 4 models work together quite well and are generally complimentary with some minor adjustments.

Some intentional grenade throwing from @likethecoins polling the audience at the beginning of @sansforensics #CTISummit. I agree with the winning answer (It depends), but neat seeing the response on @MITREattack.

@colemankane I'll admit, I almost defaulted to that trope (which is such for good reason)

Dear literally everyone, PLEASE for the love of all things, stop defaulting to "was it a cyberattack?" for every major IT outage. No. It almost never is. With most irritable regards, Mike

@ajMSFT @Microsoft @MsftSecIntel So happy to see this - good for you, and well deserved AJ. Thanks from your fellow defenders for a job expertly done.

Just a short note to share that I retired from @Microsoft today after nearly 21 years. It was my dream career and wouldn’t trade a single moment or experience. I’ve no immediate plans. Downsize a little, travel a little, maybe see what life is like in a few different zip codes.

@killchain Our daily stand-ups include a show and tell section and I can’t believe we hadn’t thought of this. It was the statement of the day for us hahaha

Excellent @WarOnTheRocks piece on RU & US information warfare, strategy, and perceptions: warontherocks.com/2022/07/assess…

I can't rave about this tool enough. Humans are horrible at differentiating strings of numbers (i.e. IPs), but we're great at separating names/places. Which of these two log line outputs are easier to read? Which one helps you better mentally 'bucket' the IPs?

@killchain Finally in open source! 🥳

2/ There is also a useful distinction from hacktivism, in that the individuals and groups are actively supporting one side of warring states.

Thought (1/): we've had vigilante justice for, like, ever. Now, with the internet and dependence of warring states on it, we have widespread vigilante warfare. I think this is usefully distinct from uprisings / insurgents / volunteers / guerilla warfare.

@markjx01 @yishan If you don’t go down rabbit holes, you aren’t an analyst. If you don’t bring a rope, you aren’t an experienced one.

@mikecloppert @yishan Great share! I really like the bit about censoring behavior vs censoring ideas. And, I fell down the rabbit hole of reading his thread about Omega Events. Good stuff! twitter.com/yishan/status/…

Incredible thread by @yishan In particular, I love how he nails the bias of my generation (Gen X) about the internet… threadreaderapp.com/thread/1514938…