Chris Brook
@chrisbrook.bsky.social
Slowly trying to get back into post-Twitter social media. Likely: Posts about baking, beer, books, movies, etc. Previously: Writing about data protection at Fortra. Now: Writing, content and other stuff at @redcanaryco.bsky.social
Reposted by Chris Brook
ATT&CK v18 is now out! Today marks the release of Detection Strategies, where we've moved from single-sentence notes to structured, behavior-focused strategies across the board. A new blog post describes the changes medium.com/mitre-attack... with details at attack.mitre.org/resources/up....
ATT&CK v18: Detection Strategies, More Adversary Insights,
ATT&CK v18 is released with new Detection Strategies, Analytics, and revamped Data Components!
medium.com
October 28, 2025 at 2:56 PM
Hardly ever in Lynn but was today. Sad to learn the rug store with this iconic neon sign apparently closed recently. Wonder what happened to the sign.
October 24, 2025 at 5:32 PM
Noticed authors love to do this in the @nytimes.com Book Review: Mention a new book that hasn’t even been announced yet, let alone released. Someone did this a few years ago with an Emily St. John Mandel book. This Jami Attenberg book doesn’t exist—yet.
October 23, 2025 at 10:42 PM
New on the @redcanaryco.bsky.social blog this week: We look at the similarities between the Atomic, Odyssey and Poseidon macOS stealers, shared tactics and anti-analysis techniques: redcanary.com/blog/threat-...
Distinguishing Atomic, Odyssey, and Poseidon stealers on macOS
Set sail with us as we compare and contrast three of the biggest players in the macOS stealer ecosystem: Atomic, Poseidon, and Odyssey
redcanary.com
October 10, 2025 at 7:36 PM
Some helpful and topical content posted to @redcanaryco.bsky.social yesterday. Distilled some great guidance from @forensicitguy.bsky.social on securing npm packages + responding to a compromise: redcanary.com/blog/threat-...
Node problem: Tracking recent npm package compromises | Red Canary
Recent npm supply chain attacks highlight why robust mitigation and response strategies are required for both developers and users.
redcanary.com
September 24, 2025 at 6:59 PM
@redcanaryco.bsky.social's Threat Hunting team recently investigated an incident that illustrates how stealthy and patient an OAuth application attack can be. We break down the campaign (and how to defend against these attacks) in this blog:
Understanding OAuth application attacks and defenses | Red Canary
Red Canary’s Threat Hunting team recently uncovered a malicious OAuth application attack, demonstrating the need for specific defenses.
redcanary.com
September 5, 2025 at 1:37 PM
Front page ad for Prager in the NYT today 🥴
August 31, 2025 at 3:13 PM
I was offline last week but great to see the @redcanaryco.bsky.social team get this across the goal line. Great research from our intel team on new-to-us malware impacting cloud Linux systems: redcanary.com/blog/threat-...
Patching for persistence: How DripDropper Linux malware moves through the cloud | Red Canary
DripDropper is a Red Canary-named Linux malware variant that uses an encrypted PyInstaller ELF file to communicate with a Dropbox account.
redcanary.com
August 26, 2025 at 3:27 PM
Deer Isle Oysters at Pilgrim’s Inn. Could eat a lot of these.
August 10, 2025 at 4:47 PM
Mid-year TDR day! Dig into all of @redcanaryco.bsky.social's findings from the first half of 2025 including a big uptick in cloud identity detections + techniques: redcanary.com/blog/threat-...
Ranking the top threats and ATT&CK techniques for the first half of 2025 | Red Canary
Identity detections climbed, color birds swooped in, and two new cloud techniques broke into our top 10 in the first half of 2025
redcanary.com
August 5, 2025 at 8:40 PM
Scaling Netflix's threat detection pipelines without streaming: blog.dataexpert.io/p/scaling-ne...
Scaling Netflix's threat detection pipelines without streaming
Data orchestration challenges I faced at Netflix, Airbnb, & Facebook (Part II)
blog.dataexpert.io
July 30, 2025 at 2:11 PM
Another new @redcanaryco.bsky.social blog: I'm not going to @blackhatevents.bsky.social this year but if I were, these are the talks I'd try to attend. Lots of stories + intel for defenders: redcanary.com/blog/securit...
10 Black Hat talks we want to see in 2025 | Red Canary
Talks on bypassing SOCs and initial access—we scoured this year’s list of sessions at Black Hat to find 10 talks worth making time for.
redcanary.com
July 24, 2025 at 2:42 PM
Hey, Summercon is streaming today: www.youtube.com/@SummerconFo...
Summercon Foundation
www.youtube.com
July 11, 2025 at 3:17 PM
MCP servers allow developers to facilitate AI agents to execute code. MCP doesn't include security mechanisms however—the onus is on developers to implement standard security best practices. @redcanaryco.bsky.social's Jesse Griggs navigates the MCP threat landscape: redcanary.com/blog/threat-...
Understanding the threat landscape for MCP and AI workflows
We break down the cybersecurity landscape of Model Context Protocol (MCP) servers and agentic AI workflows, including monitoring advice
redcanary.com
July 11, 2025 at 1:14 PM
Appreciate what #HillFarmstead does for its Harvest Festival re: curated guest taps, almost like a mini-FW Invitational. I don't think I've been to one since 2011? Whenever you used to be able to camp there afterwards.
July 8, 2025 at 1:18 PM
⚛️ Use Atomic Red Team to validate security controls? Test detection coverage? Emulate adversary behaviors? Share how you use the project, suggest new tests, and ask questions at our new subreddit! www.reddit.com/r/atomicredt...
Atomic Red Team
A community for all things related to the Atomic Red Team open source testing library. Use this space to share threat intelligence, suggest new tests, discuss testing priorities, and ask questions abo...
www.reddit.com
June 11, 2025 at 3:43 PM
💫 @redcanaryco.bsky.social has a handful of helpful free, open-source tools, including Surveyor, which can help orgs establish a baseline of their environment and in turn, detect potential anomalies—like unsanctioned RMM tool usage that can be abused for initial access: redcanary.com/blog/threat-...
All about that baseline: Detecting anomalies with Surveyor | Red Canary
The Surveyor open source tool can help organizations establish a baseline of their environment, verify activity, and investigate anomalies.
redcanary.com
June 5, 2025 at 3:20 PM
Take a bad thing and make it worse
May 20, 2025 at 6:02 PM
Haim industrial complex is working overtime this year.
April 28, 2025 at 7:54 PM
Median time to respond. Mean time to respond. Mean time to acknowledge. Time-based metrics can be misleading and problematic, whether you’re consuming or creating them. redcanary.com/blog/threat-...
Cybersecurity metrics that matter (and how to measure them) | Red Canary
Which cybersecurity metrics should SOC teams be tracking to measure their success in detecting and responding to threats?
redcanary.com
April 24, 2025 at 2:43 PM
New ATT&CK @attack.mitre.org version (v7) includes ESXi + four new techniques designed for it, expanded cloud security + Linux coverage, new mobile techniques: medium.com/mitre-attack...
ATT&CK v17: New Platform (ESXi), Collection Optimization, & More Countermeasures
By: Amy Robertson and Adam Pennington
medium.com
April 23, 2025 at 1:10 PM
Finally finished The Antidote. Fitting to end with a Land Lost Acknowledgement.
April 18, 2025 at 2:12 AM
New Lana song titled something I say literally everyday: www.youtube.com/watch?v=nDYY...
Lana Del Rey - Henry, come on (Audio)
YouTube video by Lana Del Rey
www.youtube.com
April 11, 2025 at 6:39 PM
Did a deep dive on this year's #RSAC schedule (500+ sessions!) for Red Canary and found what I thought were some interesting talks on adversary emulation, detection engineering, and yes, AI—it's unavoidable! redcanary.com/blog/securit...
The RSA Conference talks worth catching in 2025 | Red Canary
How AI agents can help purple teaming, inside the stolen credential ecosystem, and more: We read through the RSA agenda so you don't have to.
redcanary.com
April 3, 2025 at 5:45 PM
Heard a great story about the always fascinating feral hog on @npr.org yesterday. Not a problem here but wild they cause $2.5 billion in damages every year: www.npr.org/2025/03/25/n...
Feral hogs are hard to catch, trappers are trying to outsmart them
Ever since they were introduced, feral hogs have spread to 35 states. Now, farmers think of the intelligent pigs as a menace and trappers are trying to outsmart them.
www.npr.org
March 27, 2025 at 12:25 PM