Craig Chamberlain
randomuserid.bsky.social
Five startups, three exits, principal at QRadar, Elastic, Uptycs. Working on applying AI and ML to threat hunting. Organizer of openDR, a group of security researchers and data scientists.
https://github.com/opendr-io
I'll also be giving this talk at BSides SW about the PROTOSTAR project. Bottom line, I think AI can help us solve this, but not as a "quick fix" where we throw existing alerts at it, from existing tools. The real question is, are we solving false positives with AI, or are we just monetizing them?
November 14, 2025 at 4:15 PM
I'll be presenting the CAUSALITY intrusion prediction project for the third time at BSides Fort Myers November 15. This blog / video combination gives a brief overview of the project and the 132 correct CVE predictions it has made this year.

blog / show and tell is here: lnkd.in/ec-RH4zs
November 14, 2025 at 4:14 PM
Reading gzipped CloudTrail files from an S3 bucket directly into a data-frame is possible
October 28, 2025 at 7:17 PM
It is def getting harder to confuse the models with questions like how many legs does a dog or cat have. And they seem to be developing a lot of personality
June 26, 2025 at 11:27 PM
My neighbor runs a GC crew and hooked me up with new siding. We discovered a door to a crawlspace under my porch while they removed the old siding and now I be like:
June 1, 2025 at 12:59 PM
Here is a quick 2 minute show and tell of OpenDR, a FOSS EDR alternative in Python, simple to set up and use so it is an option in environments where agents are not a cultural fit. If you like it, please give it some stars. And tell us what you want us to add!
github.com/cyberdyne-ve...
May 1, 2025 at 6:50 PM
I got my first provable CVE prediction! So here is a prediction I can prove was made forward in time. On the Jan 3 run, my model predicted CVE-2024-12686 was going 'hot.' This CVE was added to the KEV today, ten days later.
www.linkedin.com/posts/activi...
github.com/cyberdyne-ve...
GitHub - cyberdyne-ventures/predictions: A repo for output of an experimental intrusion prediction project
January 14, 2025 at 5:27 PM
So there's something like 5-10 million tons of deadwood and brush in the Los Angeles Hills that is essentially kindling. Burning it would make too much smoke.

What about this: remove it all to a national firewood reserve for use in cold weather disaster zones where people heat with wood stoves.
January 11, 2025 at 11:12 PM
What do we call living off the land in Python?

ftp - for ftp based exfil
email and imaplib - for email collection
scapy - network enumeration, sniffing and creating routes
netfilterqueue - DNS tampering
requests - for using one of 9 proxies
socket, subprocess, sys - reverse shell
January 9, 2025 at 7:52 PM
Let's put the CVE list in json instead of CSV, they said
we can have as many nested fields as we want, they said
json is the future, they said, it will be great
January 3, 2025 at 2:47 AM
TIL an iPhone can survive 7 minutes in a washing machine and it’s probably fine
December 21, 2024 at 7:53 PM
Loading the 2024 CVE set into a data frame (it is bigger than it looks)
December 16, 2024 at 11:07 PM