Woody A.
@woodytrombone.bsky.social
CTI @ Centene Corp. SANS MSISE Student. Occasional Board Game Demo Guy @ CGE. Former NSA Cybersecurity.
(opinions are my own, not employer's™)
(opinions are my own, not employer's™)
@cyb3rops.bsky.social has a great VT Live Hunt ruleset for finding these compromised NPM packages: mal_npm_supply_chain_sep25
September 9, 2025 at 5:25 PM
@cyb3rops.bsky.social has a great VT Live Hunt ruleset for finding these compromised NPM packages: mal_npm_supply_chain_sep25
For the record: I'm not buying the claim that SCATTERED SPIDER = ShinyHunters. There may be a small level of overlap, enough to make some legitimate-sounding claims, but my read is that someone is trolling, clout-chasing, and/or throwing out a cyber intelligence smokescreen.
August 25, 2025 at 4:21 PM
For the record: I'm not buying the claim that SCATTERED SPIDER = ShinyHunters. There may be a small level of overlap, enough to make some legitimate-sounding claims, but my read is that someone is trolling, clout-chasing, and/or throwing out a cyber intelligence smokescreen.
I offered two brick for this shirt.
They turned me away.
They turned me away.
August 1, 2025 at 1:35 PM
I offered two brick for this shirt.
They turned me away.
They turned me away.
Fox wins "Best in Henhouse" award.
July 12, 2025 at 9:19 PM
Fox wins "Best in Henhouse" award.
Reposted by Woody A.
Here's my piece on the ending of the CVE contract.
"Sasha Romanosky, senior policy researcher at the Rand Corporation, branded the end to the CVE program as 'tragic,' a sentiment echoed by many cybersecurity and CVE experts reached for comment.
www.csoonline.com/article/3963...
"Sasha Romanosky, senior policy researcher at the Rand Corporation, branded the end to the CVE program as 'tragic,' a sentiment echoed by many cybersecurity and CVE experts reached for comment.
www.csoonline.com/article/3963...
April 15, 2025 at 11:08 PM
Here's my piece on the ending of the CVE contract.
"Sasha Romanosky, senior policy researcher at the Rand Corporation, branded the end to the CVE program as 'tragic,' a sentiment echoed by many cybersecurity and CVE experts reached for comment.
www.csoonline.com/article/3963...
"Sasha Romanosky, senior policy researcher at the Rand Corporation, branded the end to the CVE program as 'tragic,' a sentiment echoed by many cybersecurity and CVE experts reached for comment.
www.csoonline.com/article/3963...
Oracle denying a leak (which appear to be *very* stale creds) is a terrible look. Telling customers to check sec.gov for breach information is downright embarrassing.
March 29, 2025 at 2:09 PM
Oracle denying a leak (which appear to be *very* stale creds) is a terrible look. Telling customers to check sec.gov for breach information is downright embarrassing.
CTI folks:
Our industry generally follows DoD practices (for good reason), but should we be serializing our reporting like they do?
The DoD serializes because the IC is massive and needed a way to disambiguate reporting from different sources/times on the same topic.
Our industry generally follows DoD practices (for good reason), but should we be serializing our reporting like they do?
The DoD serializes because the IC is massive and needed a way to disambiguate reporting from different sources/times on the same topic.
February 4, 2025 at 5:53 PM
CTI folks:
Our industry generally follows DoD practices (for good reason), but should we be serializing our reporting like they do?
The DoD serializes because the IC is massive and needed a way to disambiguate reporting from different sources/times on the same topic.
Our industry generally follows DoD practices (for good reason), but should we be serializing our reporting like they do?
The DoD serializes because the IC is massive and needed a way to disambiguate reporting from different sources/times on the same topic.