Regular Obsession
@reg0bs.bsky.social
Infosec and Data Enthusiast. Lecturer. Course Author. Coffee Nerd. He/Him.
Thanks to @quinnypig.com's newsletter I stumbled upon this gem: Instead of providing a Sigma rule to copy/paste or download, AWS (or its AI) decided to include step by step instructions on what values to put in what fields: aws.amazon.com/security/sec...
October 14, 2025 at 7:53 AM
Thanks to @quinnypig.com's newsletter I stumbled upon this gem: Instead of providing a Sigma rule to copy/paste or download, AWS (or its AI) decided to include step by step instructions on what values to put in what fields: aws.amazon.com/security/sec...
I don't know many CISOs, but judging by the endless stream of "CISO guides" vendors keep cranking out, apparently the industry thinks they're all winging it.
August 1, 2025 at 2:57 PM
I don't know many CISOs, but judging by the endless stream of "CISO guides" vendors keep cranking out, apparently the industry thinks they're all winging it.
Who says I can't be all 3?
June 2, 2025 at 12:49 PM
Who says I can't be all 3?
To the person who decided that certificates in /usr/local/share/ca-certificates have to have a .crt file extension:
Please be aware, that I'm not a huge fan of your decisions.
Please be aware, that I'm not a huge fan of your decisions.
April 29, 2025 at 9:49 AM
To the person who decided that certificates in /usr/local/share/ca-certificates have to have a .crt file extension:
Please be aware, that I'm not a huge fan of your decisions.
Please be aware, that I'm not a huge fan of your decisions.
Dragonball detection engineering: When your goal is to get over 9000.
February 17, 2025 at 8:07 PM
Dragonball detection engineering: When your goal is to get over 9000.
What's your take on alert scoring?
High/medium/low vs. 0 - 100 vs. record/notification/page? Static per rule vs. influenced by subject or other attribute (e.g. if user == admin: score++)
Communicated attribute: Severity vs. urgency vs. confidence...? One of them, a combo?
High/medium/low vs. 0 - 100 vs. record/notification/page? Static per rule vs. influenced by subject or other attribute (e.g. if user == admin: score++)
Communicated attribute: Severity vs. urgency vs. confidence...? One of them, a combo?
February 13, 2025 at 7:06 PM
What's your take on alert scoring?
High/medium/low vs. 0 - 100 vs. record/notification/page? Static per rule vs. influenced by subject or other attribute (e.g. if user == admin: score++)
Communicated attribute: Severity vs. urgency vs. confidence...? One of them, a combo?
High/medium/low vs. 0 - 100 vs. record/notification/page? Static per rule vs. influenced by subject or other attribute (e.g. if user == admin: score++)
Communicated attribute: Severity vs. urgency vs. confidence...? One of them, a combo?
You might think PowerPoint is bad. But have you tried PowerPoint in the browser?
December 19, 2024 at 1:11 PM
You might think PowerPoint is bad. But have you tried PowerPoint in the browser?
You'd better eat your vegetables, else...
December 15, 2024 at 9:19 PM
You'd better eat your vegetables, else...
Ikea, I think you misspelled "Elon" there.
December 14, 2024 at 2:04 PM
Ikea, I think you misspelled "Elon" there.
Recruiters doing memes on LinkedIn hurts so much, it should be a felony.
December 6, 2024 at 10:59 AM
Recruiters doing memes on LinkedIn hurts so much, it should be a felony.
Me when my phone asks me for the name of the person in the selfies
Doesnt Look Like Anything To Me Westworld GIF
ALT: Doesnt Look Like Anything To Me Westworld GIF
media.tenor.com
November 26, 2024 at 7:38 PM
Me when my phone asks me for the name of the person in the selfies
Breaking news: Hypponen's law applicable to Cisco licensing utilities.
September 5, 2024 at 4:53 AM
Breaking news: Hypponen's law applicable to Cisco licensing utilities.
Why is it called TAXII and not Stixnet? 🤔
July 25, 2024 at 8:11 AM
Why is it called TAXII and not Stixnet? 🤔
I wonder if they give co-pilots (you know...like in planes) new names after we seem to collect all the ways co-pilots mess up. Maybe it's just me, but the title used to radiate more confidence, before every company named their AI feature after it.
July 4, 2024 at 12:30 PM
I wonder if they give co-pilots (you know...like in planes) new names after we seem to collect all the ways co-pilots mess up. Maybe it's just me, but the title used to radiate more confidence, before every company named their AI feature after it.
Nice blog post about why detection rules fail: picussecurity.com/resource/blo.... Personally, I'm missing things like testing rules after changes and other items a little bit, but the article seems like a very good collection of common issues and recommendations.
Why Detection Rules Fail: Causes, Effects, and Corrective Actions
This blog explains the risks of broken detection rules in cybersecurity, explores causes and solutions for rule failures, and emphasizes the importance of automated detection mechanisms to enhance sec...
picussecurity.com
July 4, 2024 at 7:09 AM
Nice blog post about why detection rules fail: picussecurity.com/resource/blo.... Personally, I'm missing things like testing rules after changes and other items a little bit, but the article seems like a very good collection of common issues and recommendations.
Rant: People talking about protecting the environment, but drive around 1000s of kilometers in a 20+ year old van that slurps diesel like a tank.
June 21, 2024 at 5:38 PM
Rant: People talking about protecting the environment, but drive around 1000s of kilometers in a 20+ year old van that slurps diesel like a tank.
So which Black Mirror episode are vendors going to make real next?
June 10, 2024 at 6:40 AM
So which Black Mirror episode are vendors going to make real next?
I have huge empathy for design teams that have to come up with icons for abstract entities like virtual machines, containers or (especially) serverless... I mean how do you depict "server-less" in a meaningful way?! Shout out to these people 🙇♂️
May 31, 2024 at 11:41 AM
I have huge empathy for design teams that have to come up with icons for abstract entities like virtual machines, containers or (especially) serverless... I mean how do you depict "server-less" in a meaningful way?! Shout out to these people 🙇♂️
"Windows NT crashed.
I am the Blue Screen of Death.
No one hears your screams."
- Haiku from www.gnu.org/fun/jokes/er...
I am the Blue Screen of Death.
No one hears your screams."
- Haiku from www.gnu.org/fun/jokes/er...
Haiku error messages - GNU Project - Free Software Foundation
www.gnu.org
May 22, 2024 at 11:46 AM
"Windows NT crashed.
I am the Blue Screen of Death.
No one hears your screams."
- Haiku from www.gnu.org/fun/jokes/er...
I am the Blue Screen of Death.
No one hears your screams."
- Haiku from www.gnu.org/fun/jokes/er...
VMware Workstation Pro is now free?! You never know what Broadcom does next as it seems 😅 www.theregister.com/2024/05/14/v...
VMware Workstation Pro, Fusion Pro free for personal use
A nice gesture among the sh!tshow of Broadcom's acquisition
www.theregister.com
May 15, 2024 at 7:04 AM
VMware Workstation Pro is now free?! You never know what Broadcom does next as it seems 😅 www.theregister.com/2024/05/14/v...
You know when your browser consumes less memory after an update which leads to you immediately opening twice the amount of tabs, because now you think you can. I've witnessed this in a lot of contexts and only a few days ago I found out it has a name: en.wikipedia.org/wiki/Jevons_...
Jevons paradox - Wikipedia
en.wikipedia.org
May 3, 2024 at 4:40 PM
You know when your browser consumes less memory after an update which leads to you immediately opening twice the amount of tabs, because now you think you can. I've witnessed this in a lot of contexts and only a few days ago I found out it has a name: en.wikipedia.org/wiki/Jevons_...
Me: I use Linux for nearly 20 years.
Also me: Googling "cron every 5 minutes"
Also me: Googling "cron every 5 minutes"
January 15, 2024 at 11:27 AM
Me: I use Linux for nearly 20 years.
Also me: Googling "cron every 5 minutes"
Also me: Googling "cron every 5 minutes"
There's a special place (hint: not in my heart) for people who use _@channel_ in slack just to tell others there is a new post. It's a channel. People are there because they are interested in the topic. They don't need to be notified because of your non-urgent question.
January 10, 2024 at 12:58 PM
There's a special place (hint: not in my heart) for people who use _@channel_ in slack just to tell others there is a new post. It's a channel. People are there because they are interested in the topic. They don't need to be notified because of your non-urgent question.
The good thing about being sick is that I can watch talks from CCC 37c3 all day long 🤩
January 5, 2024 at 8:41 PM
The good thing about being sick is that I can watch talks from CCC 37c3 all day long 🤩
Sometimes I think detection engineering as a field needs more theory and structure and sometimes I think we're overcomplicating writing alert rules and everything that goes with it 🤔 If we continue on this route we may see a PhD in detection engineering in 10 years 😅
December 31, 2023 at 3:34 PM
Sometimes I think detection engineering as a field needs more theory and structure and sometimes I think we're overcomplicating writing alert rules and everything that goes with it 🤔 If we continue on this route we may see a PhD in detection engineering in 10 years 😅