John Stoner
stonerpsu.bsky.social
Reposted by John Stoner
December 7, 2025 at 12:22 AM
Quite the article on illegals operating across multiple countries. Fascinating article from wsj!
www.wsj.com/world/europe...
The Global Hunt for Putin’s ‘Sleeper Agents’
A quiet suburban mom, a hard-drinking war correspondent and an Arctic researcher were hiding in plain sight, championed by the Kremlin’s No. 1 fan of spy fiction.
www.wsj.com
December 21, 2024 at 6:23 PM
My last blog for 2024 is an alliteration of Ts; Top Ten Troubleshooting Tips for YARA-L for Google #SecOps! I hope these tips are helpful and for those who use other #siem solutions that there are helpful nuggets that can be used for your own detections!

www.googlecloudcommunity.com/gc/Community...
New to Google Secops: Top Ten YARA-L Rules Troubleshooting Tips
I’ve been asked a few times in the past month for tips that I use to troubleshoot YARA-L rules. As I thought about it, I realized this covers a lot of ground because when building detection logic, we ...
www.googlecloudcommunity.com
December 18, 2024 at 7:24 PM
Loads of great stuff presented at @cyberwarcon.bsky.social and I've posted about a few already, but here's one more to check out, the team at @volexity.com often has interesting stuff to share but this investigation termed "nearest neighbor" is wild stuff www.volexity.com/blog/2024/11...
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...
www.volexity.com
November 26, 2024 at 6:22 PM
Another fun talk from @cyberwarcon.bsky.social was Aurora Johnson and Kyla Cardona from @spycloud.bsky.social discussing user data being sold as it was being pulled from China's vast databases. Here's one of their blogs spycloud.com/blog/deep-di... and the story in Wired www.wired.com/story/chines...
China’s Surveillance State Is Selling Citizen Data as a Side Hustle
Chinese black market operators are openly recruiting government agency insiders, paying them for access to surveillance data and then reselling it online—no questions asked.
www.wired.com
November 25, 2024 at 6:13 PM
Fascinating turbo talks on Russia and China information operations by Google TAG analysts Vanessa Molter and Zak Butler @cyberwarcon.bsky.social cloud.google.com/blog/topics/...
Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations | Google Cloud Blog
GLASSBRIDGE is an umbrella group of four different companies that operate networks of inauthentic news sites and newswire services.
cloud.google.com
November 22, 2024 at 7:56 PM
Fascinating talk by Mike Torrey from Meta on Russia’s Doppelgänger influence operations and how Meta actively combats it daily @cyberwarcon.bsky.social
November 22, 2024 at 4:27 PM
Anytime I can work The Smiths into my title is a good day for the New to Google Cloud Security #secops blog. We cover a time function to calculate diffs using various time units to be used in rules and searches #threathunting #detectionengineering www.googlecloudcommunity.com/gc/Community...
New to Google SecOps: What Difference Does It Make?
We’ve previously looked at different functions that can be helpful when working with timestamps. For instance, timestamp.get_timestamp can provide various formats for dates and times to be displayed i...
www.googlecloudcommunity.com
November 14, 2024 at 4:33 PM
After a January reset, we're back in a new location with more New to Chronicle goodness. Today, we're looking at how alerts and detections can be viewed in relation to its entities within the Alert Graph. Check this out and much more at the Google Cloud #secops community!
New to Chronicle: Alert Graph - Part 1
Welcome to a new year, and with it comes a two-part blog on the Chronicle Security Operations platform alert graph. I thought I was going to be able to squeeze it all into a single post, but as I dug further and further, I realized we couldn’t do it justice in a single blog. So, in this first post w...
www.googlecloudcommunity.com
February 7, 2024 at 11:05 PM
Today I'm going to wrap up our last New to Chronicle blog of the year and share the work we've been doing on getting community rules underway and looking ahead to next year! #secops chronicle.security/blog/posts/n...
December 20, 2023 at 4:15 PM
In this installment of the Google Cloud New to Chronicle blog series, we take a look at saving, re-using, sharing and template-izing those well crafted searches for others in your organization to benefit from! #secops

chronicle.security/blog/posts/n...
November 30, 2023 at 4:40 PM
And now for the conclusion to our building our dashboard arc in New to Chronicle, here are tips on formatting and filtering to pass parameters into the dashboard. Then we cover how you can share your dashboards with your friends and neighbors! chronicle.security/blog/posts/n... #secops #siem
November 9, 2023 at 5:22 PM
Heading to @cyberwarcon.bsky.social tomorrow and looking forward to it, not the drive, but I'll take it in return for the content! #cyberwarcon
November 8, 2023 at 3:53 PM
This is a bit delayed, but here's my talk from SANS DFIR in Austin on visibility around a Golden SAML attack and subsequent cloud activity in both Azure AD and O365. Big thanks to Heather and Phil and team for giving me an opportunity to present! www.youtube.com/watch?v=Vpgi...
October 31, 2023 at 1:46 PM