What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-07-01 08:00:07 | Reference: TaoSecurity News (lien direct) | I started speaking publicly about digital security in 2000. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here. 2017 Mr. Bejtlich led a podcast titled Threat Hunting: Past, Present, and Future, in early July 2017. He interviewed four of the original six GE-CIRT incident handlers. The audio is posted on YouTube. Thank you to Sqrrl for making the reunion possible. Mr. Bejtlich's latest book was inducted into the Cybersecurity Canon. Mr. Bejtlich is doing limited security consulting. See this blog post for details. 2016 Mr. Bejtlich organized and hosted the Management track (now "Executive track") at the 7th annual Mandiant MIRCon (now "FireEye Cyber Defense Summit") on 29-30 November 2016. Mr. Bejtlich delivered the keynote to the 2016 Air Force Senior Leaders Orientation Conference at Joint Base Andrews on 29 July 2016. Mr. Bejtlich delivered the keynote to the FireEye Cyber Defense Live Tokyo event in Tokyo on 12 July 2016. Mr. Bejtlich delivered the keynote to the New Zealand Cyber Security Summit in Auckland on 6 May 2016. Mr. Bejtlich delivered the keynote to the Lexpo Summit in Amsterdam on 21 April 2016. Video posted here. Mr. Bejtlich discussed cyber security campaigns at the 2016 War Studies Cumberland Lodge Conference near London on 30 March 2016. Mr. Bejtlich offered a guest lecture to the Wilson Center Congressional Cybersecurity Lab on 5 February 2016. Mr. Bejtlich delivered the keynote to the SANS Cyber Threat Intelligence Summit on 4 February 2016. Slides and video available. 2015 Mr. Bejtlich spoke on a panel at the DefenseOne Summit on 2 November 2015. Mr. Bejtlich spoke on a panel at the AEI Internet Strategy event on 27 October 2015. Mr. Bejtlich organized and hosted the Management track at the 6th annual Mandiant MIRCon on 13-14 October 2015. Mr. Bejtlich testified to the House Foreign Affairs Committee on 7 October 2015. Mr. Bejtlich testified to the House Armed Services Committee on 30 September 2015. Mr. Bejtlich delivered a keynote at the 2015 Army Cyber Institute Cyber Talks on 22 September 2015 in Washington, DC. Mr. Bejtlich delivered a keynote at the 2015 Security Onion Conference on 11 September 2015 in Augusta, GA. Mr. Bejtlich delivered a keynote at the 2015 World Services Group Conference on 10 S | Guideline | APT 1 | |
|
2018-12-21 16:30:11 | Managing Burnout (lien direct) |  This is not strictly an information security post, but the topic likely affects a decent proportion of my readership.Within the last few years I experienced a profound professional "burnout." I've privately mentioned this to colleagues in the industry, and heard similar stories or requests for advice on how to handle burnout.I want to share my story in the hopes that it helps others in the security scene, either by coping with existing burnout or preparing for a possible burnout.How did burnout manifest for me? It began with FireEye's acquisition of Mandiant, almost exactly five years ago. 2013 was a big year for Mandiant, starting with the APT1 report in early 2013 and concluding with the acquisition in December.The prospect of becoming part of a Silicon Valley software company initially seemed exciting, because we would presumably have greater resources to battle intruders. Soon, however, I found myself at odds with FireEye's culture and managerial habits, and I wondered what I was doing inside such a different company.(It's important to note that the appointment of Kevin Mandia as CEO in June 2016 began a cultural and managerial shift. I give Kevin and his lieutenants credit for helping transform the company since then. Kevin's appointment was too late for me, but I applaud the work he has done over the last few years.)Starting in late 2014 and progressing in 2015, I became less interested in security. I was aggravated every time I saw the same old topics arise in social or public media. I did not see the point of continuing to debate issues which were never solved. I was demoralized and frustrated.At this time I was also working on my PhD with King's College London. I had added this stress myself, but I felt like I could manage it. I had earned two major and two minor degrees in four years as an Air Force Academy cadet. Surely I could write a thesis!Late in 2015 I realized that I needed to balance the very cerebral art of information security with a more physical activity. I took a Krav Maga class the first week of January 2016. It was invigorating and I began a new blog, Rejoining the Tao, that month. I began to consider options outside of informations security.In early 2016 my wife began considering ways to rejoin the W-2 workforce, after having stayed home with our kids for 12 years. We discussed the possibility of me leaving my W-2 job and taking a primary role with the kids. By mid-2016 she had a new job and I was open to departing FireEye.By late 2016 I also realized that I was not cut out to be a PhD candidate. Although I had written several books, I did not have the right mindset or attitude to continue writing my thesis. After two years I quit my PhD program. This was the first time I had quit anything significant in my life, and it was the right decision for me. (The Churchill "never, never, never give up" speech is fine advice when defending your nation's existence, but it's stupid advice if you're not happy with the path you're following.)In March 2017 I posted Bejtlich Moves On, where I said I was leaving FireEye. I would offer security consulting in the short term, and would open a Krav Maga school in the long-term. This was my break with the security |
APT 1 | ||
|
2018-06-25 15:03:20 | Bejtlich on the APT1 Report: No Hack Back (lien direct) |  Before reading the rest of this post, I suggest reading Mandiant/FireEye's statement Doing Our Part -- Without Hacking Back.I would like to add my own color to this situation.First, at no time when I worked for Mandiant or FireEye, or afterwards, was there ever a notion that we would hack into adversary systems. During my six year tenure, we were publicly and privately a "no hack back" company. I never heard anyone talk about hack back operations. No one ever intimated we had imagery of APT1 actors taken with their own laptop cameras. No one even said that would be a good idea.Second, I would never have testified or written, repeatedly, about our company's stance on not hacking back if I knew we secretly did otherwise. I have quit jobs because I had fundamental disagreements with company policy or practice. I worked for Mandiant from 2011 through the end of 2013, when FireEye acquired Mandiant, and stayed until last year (2017). I never considered quitting Mandiant or FireEye due to a disconnect between public statements and private conduct.Third, I was personally involved with briefings to the press, in public and in private, concerning the APT1 report. I provided the voiceover for a 5 minute YouTube video called APT1: Exposing One of China's Cyber Espionage Units. That video was one of the most sensitive, if not the most sensitive, aspects of releasing the report. We showed the world how we could intercept adversary communications and reconstruct it. There was internal debate about whether we should do that. We decided to cover the practice it in the report, as Christopher Glyer Tweeted:  In none of these briefings to the press did we show pictures or video from adversary laptops. We did show the video that we published to YouTube.Fourth, I privately contacted former Mandiant personnel with whom I worked during the time of the APT1 report creation and distribution. Their reaction to Mr Sanger's allegations ranged from "I've never heard of that" to "completely false." I asked former Mandiant colleagues, like myself, |
Hack | APT 1 | |
|
2018-01-14 14:08:40 | Remembering When APT Became Public (lien direct) |  Last week I Tweeted the following on the 8th anniversary of Google's blog post about its compromise by Chinese threat actors:This intrusion made the term APT mainstream. I was the first to associate it with Aurora, in this post https://taosecurity.blogspot.com/2010/01/google-v-china.htmlMy first APT post was a careful reference in 2007, when we all feared being accused of "leaking classified" re China: https://taosecurity.blogspot.com/2007/10/air-force-cyberspace-report.htmlI should have added the term "publicly" to my original Tweet. There were consultants with years of APT experience involved in the Google incident response, and they recognized the work of APT17 at that company and others. Those consultants honored their NDAs and have stayed quiet.I wrote my original Tweet as a reminder that "APT" was not a popular, recognized term until the Google announcement on 12 January 2010. In my Google v China blog post I wrote:Welcome to the party, Google. You can use the term "advanced persistent threat" (APT) if you want to give this adversary its proper name.I also Tweeted a similar statement on the same day:This is horrifying: http://bit.ly/7x7vVW Google admits intellectual property theft from China; it's called Advanced Persistent Threat, GOOGI made the explicit link of China and APT because no one had done that publicly.This slide from a 2011 briefing I did in Hawaii captures a few historical points: The Google incident was a watershed, for reasons I blogged on 16 January 2010. I remember the SANS DFIR 2008 event as effectively "APTCon," but beyond Mandiant, Northrup Grumman, and NetWitness, no one was really talking publicly about the APT until after Google.As I noted in the July 2009 blog post, You Down With APT? (ugh):Aside from Northrup Grumman, Mandiant, and a few vendors (like NetWitness, one of the full capture vendors out there) mentioning APT, there's not much else available. A Google search for "advanced persistent threat" -netwitness -mandiant -Northrop yields 34 results (prior to this blog post). (emphasis added)Today that search yields 244,000 results.I would argue we're "past APT." APT was the buzzword for |
APT 17 APT 1 | ||
|
2017-03-17 08:00:00 | Bejtlich Moves On (lien direct) |  Exactly six years ago today I announced that I was joining Mandiant to become the company's first CSO. Today is my last day at FireEye, the company that bought Mandiant at the very end of 2013.The highlights of my time at Mandiant involved two sets of responsibilities.First, as CSO, I enjoyed working with my small but superb security team, consisting of Doug Burks, Derek Coulsen, Dani Jackson, and Scott Runnels. They showed that "a small team of A+ players can run circles around a giant team of B and C players."Second, as a company spokesperson, I survived the one-of-a-kind ride that was the APT1 report. I have to credit our intel and consulting teams for the content, and our marketing and government teams for keeping me pointed in the right direction during the weeks of craziness that ensued.At FireEye I transitioned to a strategist role because I was spending so much time talking to legislators and administration officials. I enjoyed working with another small but incredibly effective team: government relations. Back by the combined FireEye-Mandiant intel team, we helped policy makers better understand the digital landscape and, more importantly, what steps to take to mitigate various risks.Where do I go from here?Twenty years ago last month I started my first role in the information warfare arena, as an Air Force intelligence officer assigned to Air Intelligence Agency at Security Hill in San Antonio, Texas. Since that time I've played a small part in the "cyber wars," trying to stop bad guys while empowering good guys.I've known for several years that my life was heading in a new direction. It took me a while, but now I understand that I am not the same person who used to post hundreds of blog entries per year, and review 50 security books per year, and write security books and articles, and speak to reporters, and testify before Congress, and train thousands of students worldwide.That mission is accomplished. I have new missions waiting.My near-term goal is to identify opportunities in the security space which fit with my current interests. These include:Promoting open source software to protect organizations of all sizesAdvising venture capitalists on promising security start-upsHelping companies to write more effective security job descriptions and to interview and select the best candidates availableMy intermediate-term goal is to continue my Krav Maga training, which I started in January 2016. My focus is the General Instructor Course pr |
APT 1 |
1
We have: 5 articles.
We have: 5 articles.
To see everything:
Our RSS (filtrered)
