Matt Kelly
@breakersall.bsky.social
Threat intelligence, threat hunting, reforming red teamer
Reposted by Matt Kelly
The Com, criminal hacking ethics, and off-ramps, this talk from Allison is compelling and excellent. Take a watch.
My BSidesLV keynote is here. It touches on several difficult topics in our industry. Topics best discussed in person. As our industry spends this week in Vegas, please share this talk with your peers and discuss in person.
www.youtube.com/watch?v=4CD9...
www.youtube.com/watch?v=4CD9...
BsidesLV 2025 - Breaking Ground - Monday
YouTube video by BSidesLV
www.youtube.com
August 6, 2025 at 1:29 PM
The Com, criminal hacking ethics, and off-ramps, this talk from Allison is compelling and excellent. Take a watch.
Reposted by Matt Kelly
🚨 Another Internet blackout in Iran has begun at 12:50 UTC (4:20pm local). 🚨
Numerous Iranian service providers now offline in new national Internet blackout.
Numerous Iranian service providers now offline in new national Internet blackout.
June 18, 2025 at 1:44 PM
🚨 Another Internet blackout in Iran has begun at 12:50 UTC (4:20pm local). 🚨
Numerous Iranian service providers now offline in new national Internet blackout.
Numerous Iranian service providers now offline in new national Internet blackout.
Predatory Sparrow are "hacktivists" that happens to be skilled at cyber war.
www.wired.com/story/predat...
www.wired.com/story/predat...
June 17, 2025 at 12:30 PM
Predatory Sparrow are "hacktivists" that happens to be skilled at cyber war.
www.wired.com/story/predat...
www.wired.com/story/predat...
Reposted by Matt Kelly
iranian offensive cyber capacities are not resilient or coherent enough to engage in meaningful effects-delivery against hardened targets while their country is actively being blown to shit. also: despite a few minor successes, iran has never matched china or russia in scale of access to USCIKR.
June 16, 2025 at 6:39 PM
iranian offensive cyber capacities are not resilient or coherent enough to engage in meaningful effects-delivery against hardened targets while their country is actively being blown to shit. also: despite a few minor successes, iran has never matched china or russia in scale of access to USCIKR.
Reposted by Matt Kelly
"Over four months, LLM users consistently underperformed at neural, linguistic, and behavioral levels. These results raise concerns about the long-term educational implications of LLM reliance and underscore the need for deeper inquiry into AI's role in learning."
More research on the cognitive deficit of relying only on AI... you can't even remember the information you called up. That's how learning works! arxiv.org/abs/2506.08872
Your Brain on ChatGPT: Accumulation of Cognitive Debt when Using an AI Assistant for Essay Writing Task
This study explores the neural and behavioral consequences of LLM-assisted essay writing. Participants were divided into three groups: LLM, Search Engine, and Brain-only (no tools). Each completed thr...
arxiv.org
June 16, 2025 at 12:35 PM
"Over four months, LLM users consistently underperformed at neural, linguistic, and behavioral levels. These results raise concerns about the long-term educational implications of LLM reliance and underscore the need for deeper inquiry into AI's role in learning."
Reposted by Matt Kelly
Cubs, Royals, and Brewers held Pride Nights today. Notable in Chicago was a community group called “Play Catch with a Dad” that serves members of the LGBTQ+ community who have been disenfranchised by their families.
June 13, 2025 at 3:26 AM
Cubs, Royals, and Brewers held Pride Nights today. Notable in Chicago was a community group called “Play Catch with a Dad” that serves members of the LGBTQ+ community who have been disenfranchised by their families.
SMB to RCE via Kerberos coercion, nasty vuln and great research. Get patching.
🚨 Our new blog post about Windows CVE-2025-33073 which we discovered is live:
🪞The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos:
blog.redteam-pentesting.de/2025/reflect...
🪞The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos:
blog.redteam-pentesting.de/2025/reflect...
A Look in the Mirror - The Reflective Kerberos Relay Attack
It is a sad truth in IT security that some vulnerabilities never quite want to die and time and time again, vulnerabilities that have long been fixed get revived and come right back at you. While rese...
blog.redteam-pentesting.de
June 11, 2025 at 10:50 AM
SMB to RCE via Kerberos coercion, nasty vuln and great research. Get patching.
"Don't look for breaches, so we don't have to disclose them"
Is the new "no logs, no breach"
www.nextgov.com/cybersecurit...
Is the new "no logs, no breach"
www.nextgov.com/cybersecurit...
June 10, 2025 at 1:20 PM
"Don't look for breaches, so we don't have to disclose them"
Is the new "no logs, no breach"
www.nextgov.com/cybersecurit...
Is the new "no logs, no breach"
www.nextgov.com/cybersecurit...
PR teams: just add "with Agentic AI" to end, then full send
May 27, 2025 at 10:11 PM
PR teams: just add "with Agentic AI" to end, then full send
Reposted by Matt Kelly
Is the era of the “named actor” done?
As the OG adversary sets diverge, get promoted, or move on
actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)
AND the CTI models maturing…
APTs ⬇️⬇️
UNCs ⬆️⬆️
As the OG adversary sets diverge, get promoted, or move on
actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)
AND the CTI models maturing…
APTs ⬇️⬇️
UNCs ⬆️⬆️
May 21, 2025 at 8:15 PM
Is the era of the “named actor” done?
As the OG adversary sets diverge, get promoted, or move on
actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)
AND the CTI models maturing…
APTs ⬇️⬇️
UNCs ⬆️⬆️
As the OG adversary sets diverge, get promoted, or move on
actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)
AND the CTI models maturing…
APTs ⬇️⬇️
UNCs ⬆️⬆️
Reposted by Matt Kelly
I made SonicWall’s hall of fame for this one. Patch your firewalls (again), folks!
bishopfox.com/blog/sonicwa...
bishopfox.com/blog/sonicwa...
SonicWall Sonicos Versions 7.1.x and 8.0.x
Blog describes how Bishop Fox staff identified a vulnerability in SonicWall SonicOS 7.1.x and 8.0.x in the SSL VPN service and solutions for customers.
bishopfox.com
April 25, 2025 at 1:53 AM
I made SonicWall’s hall of fame for this one. Patch your firewalls (again), folks!
bishopfox.com/blog/sonicwa...
bishopfox.com/blog/sonicwa...
Dwell time back?
While Verizon DBIR measured dwell time is still falling, Mandiant MTrends noticed it acutally increased for the first time in years, despite record investment in Cyber and increased sophistication in it's most important countermeasure, effectiveness of detection & response teams. 🧵
While Verizon DBIR measured dwell time is still falling, Mandiant MTrends noticed it acutally increased for the first time in years, despite record investment in Cyber and increased sophistication in it's most important countermeasure, effectiveness of detection & response teams. 🧵
April 24, 2025 at 2:26 PM
Dwell time back?
While Verizon DBIR measured dwell time is still falling, Mandiant MTrends noticed it acutally increased for the first time in years, despite record investment in Cyber and increased sophistication in it's most important countermeasure, effectiveness of detection & response teams. 🧵
While Verizon DBIR measured dwell time is still falling, Mandiant MTrends noticed it acutally increased for the first time in years, despite record investment in Cyber and increased sophistication in it's most important countermeasure, effectiveness of detection & response teams. 🧵
For fans of root cause of catastrophic (often bureaucratic) failure, such as reports from CISA's Cyber Safety Review Board reports, recommend Challenger, by the same author of Incident Response required reading Midnight in Chernobyl. #RecommendedReading www.simonandschuster.com/books/Challe...
Challenger
Winner of the 2024 Kirkus Nonfiction Prize • Shortlisted for the 2025 Andrew Carnegie Medal for Excellence in Nonfiction • A New York Times Notable...
www.simonandschuster.com
December 13, 2024 at 2:28 AM
For fans of root cause of catastrophic (often bureaucratic) failure, such as reports from CISA's Cyber Safety Review Board reports, recommend Challenger, by the same author of Incident Response required reading Midnight in Chernobyl. #RecommendedReading www.simonandschuster.com/books/Challe...
Seeing blue skies, even though it is grey here in Chicago.
February 5, 2024 at 4:31 PM
Seeing blue skies, even though it is grey here in Chicago.