Matt Kelly
breakersall.bsky.social
Threat intelligence, threat hunting, reforming red teamer
Reposted by Matt Kelly
iranian offensive cyber capacities are not resilient or coherent enough to engage in meaningful effects-delivery against hardened targets while their country is actively being blown to shit. also: despite a few minor successes, iran has never matched china or russia in scale of access to USCIKR.
June 16, 2025 at 6:39 PM
Are you referencing CVE-2025-33073? I think you may have typo'ed 33074
msrc.microsoft.com/update-guide...
Security Update Guide - Microsoft Security Response Center
June 10, 2025 at 5:44 PM
actions on objective, which can be very important to whether the dwell time # is effective. This is easily observed from the differences of a smash and grab ransom, intentionally destructive attacks, to long intelligence gathering operations.

Good industry metric, not always great inside measure
April 24, 2025 at 2:26 PM
While it has a slight uptake this year according to M-Trends, hard to say what that means yet. But measuring dwell time without a sophisticated program is perilous as a true measure, as not all incidents or red team engagements are created equal. Dwell time by itself does not correspond with measures
April 24, 2025 at 2:26 PM
detection and response team's increased capabilities, but instead because one of the most prevalent breach types started announcing their presence in the form of ransom notes.

Dwell time was THE metric to track in offensive engagements and IR for the longest time, then it started falling
April 24, 2025 at 2:26 PM
Dwell Time became 'the metric' to track ~10 years ago. Since then it fell from averaging years to days. While this can be correlated with increased D&R capabilities, it also notably decreased from a changing threat landscape. As ransomware grew in popularity, Dwell time decreased regardless of
April 24, 2025 at 2:26 PM