Chris Shields
r00t0v3rr1d3.bsky.social
Red Team
I’ve caught Spotify doing random very long DNS lookup requests before. Looked a lot like data exfil to me.
September 19, 2025 at 11:26 PM
Sir, this is a Wendy’s.
July 16, 2025 at 1:36 PM
Reposted by Chris Shields
This is all part of a broader arch. Advocate for research as a public good, advocate for researchers, and don't let others' short-sighted self-interest & lack of imagination create a situation that only benefits them. How? Offer a win-win vision that honors (what were once) shared values. ...
June 5, 2025 at 2:36 PM
Reposted by Chris Shields
It's also a way to continue to encourage pyramid of pain thinking in the industry. Chase the behaviors. Chase the tradecraft. Sort by most popular tool, write the 100th signature for an already signatured detection surface, doesn't yield gains--makes a lazy blog post on a slow day, but not progress
June 5, 2025 at 2:36 PM
Reposted by Chris Shields
And, what of Breach Intel? A culture that values ground truth and sober/blameless discussion. A focus on root causes, contributing factors, and actionable remediations... not sensationalized tool/actor porn. It's possible:

www.cisa.gov/news-events/...

I think of it as an umbrella ideal.
April 2, 2025 at 3:39 PM
Reposted by Chris Shields
I made predictions in 2019 at my last talk. A keynote lamenting things were going in a VERY bad direction for hackers. This climate continues. I'm trying steps to influence these trends too. Easier as a ghost more removed from these trends vs. someone being crushed by them

H/T x.com/edskoudis/st...
April 2, 2025 at 3:39 PM
Reposted by Chris Shields
By the way, who thinks about what does and doesn't work (and why)? Security researchers. Red teams. That's our message. And, when you vilify us, you kick us out of the conversation because we have to protect ourselves too. And, this vilification has gone on for a long damned time.
March 15, 2025 at 3:57 AM
Reposted by Chris Shields
Imagine a discipline called Breach Intelligence. Instead of describing breaches as tools+actors, we use root-cause analysis to dissect the attack path, identify contrib factor issues, and their mitigations. And, aggregate data about which compensating controls (security products) failed
March 15, 2025 at 3:57 AM