Blove
@b-levene.bsky.social
Head of Threat Informed Defense @Google
Cybercrime Specialist
Adjunct Professor at Johns Hopkins School of Advanced International Studies Alperovitch Institute
Meme Fiend
Aka “BLove”
Cybercrime Specialist
Adjunct Professor at Johns Hopkins School of Advanced International Studies Alperovitch Institute
Meme Fiend
Aka “BLove”
Reposted by Blove
NEW: Mercenary spyware is coming to the US.
ICE just quietly unsuspended their contract with spyware maker #Paragon.
Remember them? Caught earlier this year being used to hack Italian journalists.
This is bad, let's talk about how we got here 1/
jackpoulson.substack.com/p/exclusive-...
ICE just quietly unsuspended their contract with spyware maker #Paragon.
Remember them? Caught earlier this year being used to hack Italian journalists.
This is bad, let's talk about how we got here 1/
jackpoulson.substack.com/p/exclusive-...
Exclusive: ICE reactivated its $2 million contract with Israeli spyware firm Paragon, following its acquisition by U.S. capital
The cyber division of ICE's Homeland Security Investigations on Saturday quietly lifted a stop-work order put into place by the Biden administration in October.
jackpoulson.substack.com
September 2, 2025 at 1:16 AM
NEW: Mercenary spyware is coming to the US.
ICE just quietly unsuspended their contract with spyware maker #Paragon.
Remember them? Caught earlier this year being used to hack Italian journalists.
This is bad, let's talk about how we got here 1/
jackpoulson.substack.com/p/exclusive-...
ICE just quietly unsuspended their contract with spyware maker #Paragon.
Remember them? Caught earlier this year being used to hack Italian journalists.
This is bad, let's talk about how we got here 1/
jackpoulson.substack.com/p/exclusive-...
Let’s assume that the traditional “confusion matrix” we often use in science for measuring efficacy (TP/FP/FN/TN) is not available (and really, you shouldn’t use it). What metrics would you collect to directly or indirectly measure the efficacy and quality of your detection engineering efforts?
December 9, 2024 at 11:10 PM
Let’s assume that the traditional “confusion matrix” we often use in science for measuring efficacy (TP/FP/FN/TN) is not available (and really, you shouldn’t use it). What metrics would you collect to directly or indirectly measure the efficacy and quality of your detection engineering efforts?
Reposted by Blove
Expecting a tidal wave of attacks against knowledge generation.
Old playbook:
Step 1: source some overly academic prose / niche research.
Step 2: Strip any context.
Step 3: Ridicule the scholar & encourage attacks. Denounce the field.
Step 4: Call for federal funding cuts & bans.
Old playbook:
Step 1: source some overly academic prose / niche research.
Step 2: Strip any context.
Step 3: Ridicule the scholar & encourage attacks. Denounce the field.
Step 4: Call for federal funding cuts & bans.
December 1, 2024 at 8:50 PM
Expecting a tidal wave of attacks against knowledge generation.
Old playbook:
Step 1: source some overly academic prose / niche research.
Step 2: Strip any context.
Step 3: Ridicule the scholar & encourage attacks. Denounce the field.
Step 4: Call for federal funding cuts & bans.
Old playbook:
Step 1: source some overly academic prose / niche research.
Step 2: Strip any context.
Step 3: Ridicule the scholar & encourage attacks. Denounce the field.
Step 4: Call for federal funding cuts & bans.
Reposted by Blove
#PIVOTcon25 #CfP is open and you can submit your proposals till 7 FEB 2025
Remember
- one track,30m
- no recording/streaming/tweeting. U should feel comfy to share more
- No TLP:WHITE
- Original content only
Let us guide u through with a little meme-thread
#CTI #ThreatIntel 1/10
Remember
- one track,30m
- no recording/streaming/tweeting. U should feel comfy to share more
- No TLP:WHITE
- Original content only
Let us guide u through with a little meme-thread
#CTI #ThreatIntel 1/10
November 27, 2024 at 3:11 PM
#PIVOTcon25 #CfP is open and you can submit your proposals till 7 FEB 2025
Remember
- one track,30m
- no recording/streaming/tweeting. U should feel comfy to share more
- No TLP:WHITE
- Original content only
Let us guide u through with a little meme-thread
#CTI #ThreatIntel 1/10
Remember
- one track,30m
- no recording/streaming/tweeting. U should feel comfy to share more
- No TLP:WHITE
- Original content only
Let us guide u through with a little meme-thread
#CTI #ThreatIntel 1/10
Scenario: You’re airdropped into an org with tons of detection rules. What questions do you ask and why?
So far I’ve been examining source prominence, distribution of tactics (“Coverage”), and I’m working on mapping “intent” (what is the expectation of putting this signal in front of an analyst).
So far I’ve been examining source prominence, distribution of tactics (“Coverage”), and I’m working on mapping “intent” (what is the expectation of putting this signal in front of an analyst).
November 21, 2024 at 1:24 AM
Scenario: You’re airdropped into an org with tons of detection rules. What questions do you ask and why?
So far I’ve been examining source prominence, distribution of tactics (“Coverage”), and I’m working on mapping “intent” (what is the expectation of putting this signal in front of an analyst).
So far I’ve been examining source prominence, distribution of tactics (“Coverage”), and I’m working on mapping “intent” (what is the expectation of putting this signal in front of an analyst).