BC TECH
Saved by @jay_millerjay

A quick thread on intelligence analysis in the context of cyber threat intelligence. I see a number of CTI analysts get into near analysis paralysis phases for over thinking their assessments or over obsessing about if they might be wrong. (1/x)

 Consider this scenario. A CTI analyst identifies new intrusions and based on the collection available and their expertise note that the victims are all banks. Their consumer wants to know when threats specifically target banks (not just that banks are victims).
The CTI analyst has, from their collection, at this time, and based on their expertise enough to make an activity group (leveraging the Diamond Model in this example) that meet's the requirement of their consumer. So what's the problem?
The CTI analyst begins to over think it. "What if I had more collection? Would my analysis change? I really don't *know* they aren't also targeting mining companies in Australia as I don't have collection there."
The analyst knows their analysis is going to be shared. Maybe even public. "What if another team or professional intelligence firm has more collection and ends up noting that it isn't banking specific at all. Banks are victims, not targets. Will my consumer distrust me later?"
It's a scenario I see often. I see many of my #FOR578 students run into scenarios like this. "What if I say something about ICS, what will Dragos say. What if I say something about this APT, what will FireEye say. What if I say something about $X, what will CrowdStrike say."
All of our assessments are made using our expertise at a point in time with the available collection. One of the values of estimative language is explicitly accounting for the gaps. If you have significant collection gaps, bake that into the assessment: e.g. Low Confidence
Too many analysts and consumers look for facts. Intelligence is analysis. It's allowed to evolve and change as collection, time, or other considerations change. We're advising consumers to help them make better choices. Not to know the unknowable.
I would advise that analyst to make the group. Sure they can always try to coordinate with others, share, see if other groups/teams see what they see or can expose collection gaps, etc. But that's not always necessary or possible.
One of my favorite articles is the Fifteen Axioms of Intelligence Analysts by Frank Watanabe. It's been in my CTI class for years now as the last slide of the course: https://t.co/45kzw5kLz7
He doesn't start off with anything about being wrong. Or making mistakes. He starts off with "Believe in your own professional judgements." The #2 is "Be aggressive, and do not fear being wrong." It's not until #3 we hear "It is better to be mistaken than to be wrong."
Build confidence with yourself. Then build trust with your consumer. That you are going to deliver the best judgement based on the insights you have at that time. And that if it changes, you'll let them know and admit it. That's really hard to do - but it's vital.
Don't sit on your intelligence and not disseminate it, or overthink it to even finishing your work, if it can be valuable to your consumer. It's always a point in time and based on what you know at that time. You'll never have enough to feel comfortable
The balance is in not blasting your consumer with thinly supported guesses though. Go through your processes. Use your team. "Aggressively pursue collection of information you need." But then make the call. If it was easy it wouldn't be intelligence.

More from Tech

Tinker \u274e
Tinker ❎
@TinkerSec
Singing the Blues:
Taking Down an Insider Threat

"I had all of the advantages. I was already inside the network. No one suspected me. But they found my hack, kicked me off the network...

...and physically hunted me down."


Many pentests start from the outside, wanting to see how the perimeter might be breached.

This pentest started from the inside. My client wanted to assume they had already been breached, and, if breached, how far could an attacker go.

Could they stop me once I was inside?

So they snuck me in. Disguised me as a new employee. Gave me a work computer, an ID badge, an account in their system... hell, I even had a cubicle w/my assumed name on it.

The only person who knew who I really was was their CISO. Everyone else thought I was Jeremy in Marketing.

During most of the first morning, I completed onboarding, made introductions, and completed menial tasks.

But I had to act quick. I only had a week onsite. I had to hack their network while not raising suspicion.

So I set about it.

You have to understand... most "Internal Pentests" are straight forward. The hard part is breaching the network, but once you're inside, it's a target rich environment. End of Life computers, default passwords, everyone a Local Administrator...
TECH
Caleb Porzio
Caleb Porzio
@calebporzio
🎉🎉 PHP 7.3 is here!

Here are the things I'm excited about.

🚂 Trailing commas in function/method calls!

This will certainly be a required styling choice for me. Same delightful benefits of trailing comma in multi-line PHP arrays, and JavaScript objects.


🧵 Less disgusting heredoc syntax!

Inlining heredoc strings in any way right now is grrrosssss. Now we get sensible capabilities. Everything that was wrong with it is now fixed!

(Ignore the bad syntax highlighting)


☠️ Finally, not-so-silent json_decode error detection!

This really sucked before, now it just sucks a bit less (who wants to pass a 4th param and pass 2 default params first? (helper function anybody?)


📜 Not horrible functions for getting the first and last item (or key) from an array!

Before you either strung a bunch of functions together or messed with internal array pointers. This is a much-needed improvement.
TECH
Advertisement
Wilbert Liu \U0001f468\U0001f3fb\u200d\U0001f3a8
Wilbert Liu 👨🏻‍🎨...
@wilbertliu
These past few days I've been experimenting with something new that I want to use by myself.

Interestingly, this thread below has been written by that.

Let me show you how it looks like. 👇🏻


When you see localhost up there, you should know that it's truly an experiment! 😀


It's a dead-simple thread writer that will post a series of tweets a.k.a tweetstorm. ⚡️

I've been personally wanting it myself since few months ago, but neglected it intentionally to make sure it's something that I genuinely need.

So why is that important for me? 🙂

I've been a believer of a story. I tell stories all the time, whether it's in the real world or online like this. Our society has moved by that.

If you're interested by stories that move us, read Sapiens!

One of the stories that I've told was from the launch of Poster.

It's been launched multiple times this year, and Twitter has been my go-to place to tell the world about that.

Here comes my frustration.. 😤
TECH
Pete Savin
Pete Savin
@pete_savin
Wellcome to our virtual walk from Ambleside to Howtown on Lake Ullswater. I’ve based the route on #HadriansHighWay by @fellranger1 which he uses a variant to the main route. Books can be bought direct or through @VindolandaTrust


A view of #Ambleside from Wansfell our starting point in the heart of the #LakeDistrict @CumbriaMagazine


We can start at the roman fort at the edge of #Windermere. The Romans stated to push into the lakes in the early 90’s AD, this fort dates to the rebuild in Hadrian’s Reign possibly after warfare which brought about #HadriansWall #Ambleside


The #Ambleside posting wasn’t always a peaceful one as the gravestone in the @ArmittMuseum shows one man was killed “in the fort”


Time to leave and head out of town passing this scale model of the famous Bridge House in #Ambleside #virtualwalk
TECH
The Captain
The Captain
@TheCaptain182
What an amazing presentation! Loved how @ravidharamshi77 brilliantly started off with global macros & capital markets, and then gradually migrated to Indian equities, summing up his thesis for a bull market case!

@MadhusudanKela @VQIndia @sameervq

My key learnings: ⬇️⬇️⬇️


First, the BEAR case:

1. Bitcoin has surpassed all the bubbles of the last 45 years in extent that includes Gold, Nikkei, dotcom bubble.

2. Cyclically adjusted PE ratio for S&P 500 almost at 1929 (The Great Depression) peaks, at highest levels except the dotcom crisis in 2000.

3. World market cap to GDP ratio presently at 124% vs last 5 years average of 92% & last 10 years average of 85%.
US market cap to GDP nearing 200%.

4. Bitcoin (as an asset class) has moved to the 3rd place in terms of price gains in preceding 3 years before peak (900%); 1st was Tulip bubble in 17th century (rising 2200%).
TECH

You May Also Like

STEALTH JEFF
STEALTH JEFF
@drawandstrike
Here is Editor-in-Chief of the @EpochTimes, @JasperFakkert's response to the slanted hit piece that @Buzzfeed's @HayesBrown put up 2 days ago:

Brown's article at Buzzfeed starts off pretending it's some kind of really off-the-wall notion that Hillary Clinton paid for the creation of the Steele Dossier that was then used to justify the FBI's spying on the Trump campaign & transition team.


After that awful start, he swerves to making accusations that the Epoch Times is connected to the 'cult' Falon Gong.

You can read the article here:

Brown insinuates with no real evidence whatsoever that the Epoch Times is 'Falon Gong-linked'.

The 'evidence' he supplies in his article to 'prove' @EpochTimes is 'Falon Gong-linked is this:

1) the Epoch Times' extensive *news coverage* of China's attempts to wipe out Falon Gong with intense persecution directed at the group since 1999.

2) a reporter *shouting a question in 2006* at then-President George W. Bush about China's persecution of Falon Gong members.
ALL
\U0001f1fa\U0001f1f8I Support Our Military & Law Enforcement\U0001f1fa\U0001f1f8
🇺🇸I Support Our Milita...
@TheWiseOwl_AZ
1. There are more people added on the list of arrests and executions of famous people but no further intel is available at this time.

ARRESTS and EXECUTIONS OF FAMOUS PEOPLE 2020 UPDATED
Explanation of the latest military tribunal arrests and executions of famous people in 2020.

2. The tribunals are arresting these people in plain clothes. We saw the Obama’s arrest, although we didn’t know it was an arrest at the time. The arrest was done nonchalantly so as to not get noticed by the public.
All arrests of these famous people were done this way.

3. If the person is convicted of child sex trafficking, crimes against humanity or treason, they will be executed.
If the person arrested has evidence on someone else to help their prosecution, or is willing to help Trump, & they want to cooperate, they may be allowed to do so.

4. A sentence of execution down to life in prison may be accepted if their evidence is worth anything.
When a plea deal is done, the defendant must present evidence they have to make their sentence lighter. This information is given to the prosecution, defense, and to the judge.

5. If evidence is accepted, they are presented the plea deal. They will have to make a guilty plea to the crime with a video confession & written statement. That is how all plea deals work.

All famous people arrested were either treasonous or involved in satanic worship rituals.
CRIME
Advertisement
Kaspars Ozolins
Kaspars Ozolins
@lettlander
THREAD: Meditations on marriage metaphors in Ruth

The book of Ruth is, of course, a story about a beautiful marriage. But even before the courtship and the wedding and the important genealogy at the end, we find interesting language that is strikingly reminiscent of Genesis 2:24


That important verse reads:

'Therefore a man shall leave [יַֽעֲזָב] his father and his mother and hold fast [וְדָבַ֣ק] to his wife, and they shall become one flesh.'

The verb עזב can be quite strong in force. For example, Joseph leaves behind [וַיַּעֲזֹ֤ב] his garment as he flees from Pharaoh's wife's sexual advances. Countless times, Israel is depicted abandoning the LORD, for example in Judg 2:12 [וַיַּעַזְב֞וּ], and going after other gods.

Likewise, the verb דבק is rather striking. Lot is mortified of disaster overtaking him [תִּדְבָּקַ֥נִי] as he flees from Sodom. Israel is commanded in Deut 10:20 to cling fast [תִדְבָּ֔ק] to the LORD and serve him and swear by his name.

Together they illustrate how radical God designed marriage to be. Marriage is a real severing of family relations in order to form a new, permanent bond with another human being.

Something very similar to this takes places in Ruth's life.
HISTORY
Elizabeth May
Elizabeth May
@_ElizabethMay
This is NONSENSE. The people who take photos with their books on instagram are known to be voracious readers who graciously take time to review books and recommend them to their followers. Part of their medium is to take elaborate, beautiful photos of books. Die mad, Guardian.


THEY DO READ THEM, YOU JUDGY, RACOON-PICKED TRASH BIN


If you come for Bookstagram, i will fight you.

In appreciation, here are some of my favourite bookstagrams of my books: (photos by lit_nerd37, mybookacademy, bookswrotemystory, and scorpio_books)
FUN
Jaya_Upadhyaya
Jaya_Upadhyaya
@Jayalko1
SRI KANTESH HANUMANTHA, KADARAMANDALAGI (KAR)
#bharatmandir

KANTESHA means Prabhu full of brightness.
Here, Sri Hanuman appears with a front face and sparkling eyes. Earlier, the village was also called KANTESHPURI on the name of Kantesha Hanuman.


Several thousands of years ago, Hanuman lived in this village. He once saw the Sun and mistaking it to be a fruit, began flying towards it. Since then, this village came to be known as Kadara Man Dalagi. (Kadar means rays, mandala is cluster of rays).


It is believed that King Janmejaya had set up the shrine to get rid of his difficulties.
There is a small pond on the right side of the kshetram where Teppotsava (Float festival) is celebrated.

Kanaka Dasa has praised Sri Kantesha in his various poetic compositions.


Kanaka Dasa was the first devotee to popularize the power of Kantesha. It is said that once Kanaka Dasa was deeply wounded in a battle. To seek blessings, he visited Tirupati but Sri Venkatesha appeared in his dream and advised him to see Kantesha first before seeing him.
ALL