Matt Kelly
@breakersall.bsky.social
Threat intelligence, threat hunting, reforming red teamer
Predatory Sparrow are "hacktivists" that happens to be skilled at cyber war.
www.wired.com/story/predat...
www.wired.com/story/predat...
June 17, 2025 at 12:30 PM
Predatory Sparrow are "hacktivists" that happens to be skilled at cyber war.
www.wired.com/story/predat...
www.wired.com/story/predat...
"Don't look for breaches, so we don't have to disclose them"
Is the new "no logs, no breach"
www.nextgov.com/cybersecurit...
Is the new "no logs, no breach"
www.nextgov.com/cybersecurit...
June 10, 2025 at 1:20 PM
"Don't look for breaches, so we don't have to disclose them"
Is the new "no logs, no breach"
www.nextgov.com/cybersecurit...
Is the new "no logs, no breach"
www.nextgov.com/cybersecurit...
actions on objective, which can be very important to whether the dwell time # is effective. This is easily observed from the differences of a smash and grab ransom, intentionally destructive attacks, to a intelligence gathering long operations.
Good industry metric, not always great inside measure
Good industry metric, not always great inside measure
April 24, 2025 at 2:26 PM
actions on objective, which can be very important to whether the dwell time # is effective. This is easily observed from the differences of a smash and grab ransom, intentionally destructive attacks, to a intelligence gathering long operations.
Good industry metric, not always great inside measure
Good industry metric, not always great inside measure
detection and response team's increased capabilities, but instead because one of the most prevalent breach types started announcing their presence in form of ransom notes.
Dwell time was THE metric to track in offensive engagements and IR for the longest time, then it started falling
Dwell time was THE metric to track in offensive engagements and IR for the longest time, then it started falling
April 24, 2025 at 2:26 PM
detection and response team's increased capabilities, but instead because one of the most prevalent breach types started announcing their presence in form of ransom notes.
Dwell time was THE metric to track in offensive engagements and IR for the longest time, then it started falling
Dwell time was THE metric to track in offensive engagements and IR for the longest time, then it started falling
Dwell time back?
While Verizon DBIR measured dwell time is still falling, Mandiant MTrends noticed it acutally increased for the first time in years, despite record investment in Cyber and increased sophistication in it's most important countermeasure, effectiveness of detection & response teams. 🧵
While Verizon DBIR measured dwell time is still falling, Mandiant MTrends noticed it acutally increased for the first time in years, despite record investment in Cyber and increased sophistication in it's most important countermeasure, effectiveness of detection & response teams. 🧵
April 24, 2025 at 2:26 PM
Dwell time back?
While Verizon DBIR measured dwell time is still falling, Mandiant MTrends noticed it acutally increased for the first time in years, despite record investment in Cyber and increased sophistication in it's most important countermeasure, effectiveness of detection & response teams. 🧵
While Verizon DBIR measured dwell time is still falling, Mandiant MTrends noticed it acutally increased for the first time in years, despite record investment in Cyber and increased sophistication in it's most important countermeasure, effectiveness of detection & response teams. 🧵