Ask anyone who’s worked in a SOC long enough and they’ll tell you: debates over “true positive” versus “false positive” happen a lot. Usually, the conversation goes in circles—one person insists an alert was a false positive, another argues it was technically a true positive,
I'm excited to announce the release of CelesTLSH CLI, a lightweight CLI interface tool for calculating, comparing, and analyzing TLSH hashes. This tool is designed to help security professionals quickly identify potentially malicious files by comparing them against a database of known attack tools.
A 1953 mathematical framework reveals how military RADAR research can revolutionize cybersecurity. By transforming threat detection from gut feeling to probabilistic science, signal detection theory offers a powerful approach to distinguishing genuine threats from routine noise.
Maintaining online privacy in today’s world is nearly impossible without completely disconnecting—and even then, friends and family may inadvertently expose your information through their own weak security practices. Because of this, many people see the effort as futile and don’t even bother. But I completely disagree. A
When I started in cybersecurity, most web traffic wasn’t encrypted, which meant Firewalls and Network Intrusion Detection Systems played a critical role in detecting malicious activity. Endpoint visibility was limited—most organizations still relied on traditional Anti-Virus
For the past year and a half, I’ve been on one of the wildest adventures of my life, writing a book on UFOs and UAP. It has taken me through a painstaking process of finding and connecting with people who may hold valuable information for my work.
While reading Imminent, a newly released book on UAPs by Luis “Lue” Elizondo, I noticed something intriguing: the text redacted by the Department of Defense was left in plain sight. Naturally, my curiosity kicked in—who wouldn’t want to uncover what’s hidden behind those blacked-out lines?
It is often mistakenly believed that defenders cannot gain visibility into the early stages of the Cyber Kill Chain before the delivery phase.
Five years ago, I co-authored the first public paper on the concept of Detection as Code. While having some technical peers review this paper, we found that a few more advanced security programs were already utilizing this sort of method, just not publicly talking about it.
Throughout my cybersecurity career, I’ve had the opportunity to build three Cyber Security Operation Centers (SOCs) from scratch, including two for Managed Detection and Response (MDR) providers.
Recently, the killer vulnerability research team at Qualys discovered a Remote Code Execution (RCE) vulnerability in OpenSSH that exploits a race condition within SSH. This vulnerability is particularly concerning because SSH is commonly exposed to the internet for remote system management.
The volume and quality of Threat Intelligence for Linux attacks have traditionally lagged behind that for Windows, despite Linux's significant cloud presence. Most reports have focused on reverse engineering Linux-based malware and attack tools.