Items tagged with: infosec
I'm fascinated by the concept of measuring attacker-defender advantage in software, devices, and even entire IT environments. What do I mean by "attacker-defender advantage?" Lemme sum up and then share a chart.
Let's say you could measure the speed at which defenders remediate various types of security vulnerabilities across all relevant assets. Then say you could detect and measure the speed at which attackers find/exploit those vulnerable assets across the target population of organizations using them. Finally, plot those curves (across time and assets) to see the delta between them and derive a measure of relative advantage for attackers and defenders. That relative value is what I mean by attacker-defender advantage.
Since a picture is worth a thousand words, here's a visual example of the concept. The blue line represents defenders, measuring the speed of remediation. Red measures how attacker exploitation activity spreads across the target population. When the blue line is on top, defenders have a relative advantage (remediating faster than attackers are attempting to exploit new targets). When red's on top, the opposite is true. The delta between the lines corresponds to the relative degree of advantage (also expressed by the number in the upper left).
This chart comes from prior Cyentia Institute research in which we were able to combine datasets from two different partners (with their permission). Unfortunately, those datasets/partners are no longer available to further explore this concept - but maybe this post will inspire new partnerships and opportunities!
Any surprises in the attacker-defender advantage results depicted in the chart? Has anyone measured this or something similar?
#cybersecurity #vulnerabilities #cyberattacks #infosec #exploitation
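As an added illustration of the measurement the post describes (this is example code, not Cyentia's analysis or data), the snippet below turns two sets of constructed event dates into the two curves: the fraction of vulnerable assets remediated by day t (blue) and the fraction of the target population with observed exploitation by day t (red), then takes the per-day delta. The summary statistic is an assumption, since the post does not say how the number in the chart corner is computed; here it is the mean of the delta over the observation window, with positive values meaning defender advantage.

```python
"""Attacker-defender advantage from remediation and exploitation timelines.

All input data below is constructed for the example; the summary
statistic (mean curve delta) is an assumed definition, not the post's.
"""


def cumulative_fraction(event_days, population, horizon):
    """Step function: fraction of `population` with an event on or before
    day t, for t = 0..horizon. Events past the horizon never count."""
    ordered = sorted(event_days)
    covered = 0
    curve = []
    for t in range(horizon + 1):
        while covered < len(ordered) and ordered[covered] <= t:
            covered += 1
        curve.append(covered / population)
    return curve


def advantage_curve(remediation_days, n_assets, exploit_days, n_orgs, horizon):
    """Per-day delta: defender curve minus attacker curve.
    > 0 means defenders are ahead that day, < 0 means attackers are."""
    defenders = cumulative_fraction(remediation_days, n_assets, horizon)
    attackers = cumulative_fraction(exploit_days, n_orgs, horizon)
    return [d - a for d, a in zip(defenders, attackers)]


def summarize(delta):
    """Mean advantage (assumed summary statistic), count of days defenders
    lead, and the days on which the sign of the delta flips."""
    crossovers = [
        t for t in range(1, len(delta))
        if (delta[t - 1] >= 0) != (delta[t] >= 0)
    ]
    return {
        "mean_advantage": sum(delta) / len(delta),
        "defender_days": sum(1 for x in delta if x > 0),
        "crossovers": crossovers,
    }


def sample_result():
    """Constructed scenario: 10 vulnerable assets, 5 target organisations,
    11-day window (day 0 = disclosure). Attackers hit two orgs on day 1
    before any patching; defenders catch up mid-window; late exploitation
    of the remaining orgs puts attackers back on top."""
    remediation_days = [2, 2, 3, 4, 5, 6, 7, 8, 9, 12]  # one asset never patched in-window
    exploit_days = [1, 1, 7, 8, 9]
    delta = advantage_curve(remediation_days, 10, exploit_days, 5, horizon=10)
    return summarize(delta)


if __name__ == "__main__":
    print(sample_result())
```

With these inputs the delta starts negative (day 1 exploitation outpaces zero remediation), turns positive on day 5, and goes negative again on day 9, so the crossover days are 1, 4 and 9, defenders lead on three days, and the mean advantage is slightly negative; the same functions work on real remediation and exploitation observations if you have them.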
If you are a US-based organisation working in support of human rights and/or the environment looking to swiftly migrate your server infrastructure and data to safer soil, get in touch.
We have extensive experience helping frontline at-risk orgs find a safer home for their work, on their terms and under their control, with a particular focus on hosting in jurisdictions with robust data-protection laws.
Pass it on.
With Musk serving as a de facto cabinet member, it's reasonable to assume that X/Twitter will freely provide federal agencies with the sort of data that would normally require a warrant.
It's equally safe to assume that far right agency heads will use that data to pursue administration goals, like immigrant deportation, abortion prosecution, protest suppression, etc.
If you know anyone who insists on using Twitter, please urge them to be excruciatingly careful about what they post there from now on. Information and data that may have seemed innocuous a year ago are now a threat vector, and the person posting them may not always be the person most at risk.
#infosec #Twitter
Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!
> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!
So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.
So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: forum.torproject.org/t/tor-rel…
Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).
@delroth did an amazing writeup of the whole thing here: delroth.net/posts/spoofed-mass…
#tor #infosec #cybersecurity #threatintel #privacy
[tor-relays] Tor relays source IPs spoofed to mass-scan port 22? (Tor Project Forum)
On my blog: One weird trick to get the whole planet to send abuse complaints to your best friend(s)
delroth.net/posts/spoofed-mass…
Summary of my adventures from last evening, as read in this Mastodon thread: mastodon.delroth.net/@delroth/…
#infosec #networking #tor
I recently found out that my department at work is being shut down, so I'm looking for a new position!
I spent the last 6 years building advanced security assessment capabilities around hardware/IoT, industrial, marine OT, and x86 platforms. Before that I spent 5 years as a pentester. I excel at weird and novel stuff where there's no template.
I'm based in the UK and I'm looking for a remote full-time role.
CV: poly.nomial.co.uk/graham_suthe…
Thanks!