Lucene search
K
TaosecurityMost viewed

107 matches found

Richard Bejtlich's blog
Richard Bejtlich's blog
added 2021/04/13 3:0 p.m.30 views

New Book! The Best of TaoSecurity Blog, Volume 4

I've completed the TaoSecurity Blog book series. The new book is The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship. It's available now for Kindle, and I'm working on the print edition. I'm running a 50% off promo on Volumes 1-3 on Kindle through...

6.8AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2017/05/08 3:8 p.m.29 views

Latest Book Inducted into Cybersecurity Canon

Thursday evening Mrs B and I were pleased to attend an awards seminar for the Cybersecurity Canon. This is a project sponsored by Palo Alto Networks and led by Rick Howard. The goal is "identify a list of must-read books for all cybersecurity practitioners." Rick reviewed my fourth book The...

7AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2017/01/31 6:2 p.m.29 views

Meeting Cliff Stoll

Today I had the chance to meet the man who unintentionally invented the modern digital forensics practice, Cliff Stoll. In 1989 he published a book about his 1986-87 detection and response against KGB-backed spies who hacked his lab and hundreds of government, military, and university computers. ...

6.7AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2020/11/09 1:30 p.m.28 views

New Book! The Best of TaoSecurity Blog, Volume 3

Introduction I published a new book! The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices is the third title in the TaoSecurity Blog series. It's in the Kindle Store, and if you have an Unlimited account, it's free. I also published a print edition,...

6.6AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2019/07/01 12:0 p.m.27 views

Reference: TaoSecurity Research

I started publishing my thoughts and findings on digital security in 1999. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here. 2015 and later: Please visit Academia.edu for Mr. Bejtlich's most recent research. 2014...

7.1AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2023/01/08 3:0 p.m.26 views

Happy 20th Birthday TaoSecurity Blog

Happy 20th birthday TaoSecurity Blog, born on 8 January 2003. Thank you Blogger Blogger now part of Google has continuously hosted this blog for 20 years, for free. I'd like to thank Blogger and Google for providing this platform for two decades. It's tough to find extant self-hosted security...

7.2AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2024/10/11 5:37 p.m.25 views

What Are Normal Users Supposed to Do with IDS Alerts from Network Gear?

Probably once a week, I see posts like this in the r/Ubiquiti subreddit. Ubiquiti makes network gear that includes an "IDS/IPS" feature. I own some older Ubiquiti gear so I am familiar with the product. When you enable this feature, you get alerts like this one, posted by a Redditor: This is...

10CVSS7.1AI score0.99999EPSS
Exploits351
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2020/07/16 3:4 p.m.24 views

I Did Not Write This Book

--- Fake Book Someone published a "book" on Amazon and claimed that I wrote it! I had NOTHING to do with this. I am working with Amazon now to remove it, or at least remove my name. Stay away from this garbage! Update: Thankfully, within a day or so of this post, the true author of this work...

7.3AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2018/01/05 3:18 p.m.24 views

Spectre and Meltdown from a CNO Perspective

Longtime readers know that I have no problem with foreign countries replacing American vendors with local alternatives. For example, see Five Reasons I Want China Running Its Own Software. This is not a universal principle, but as an American I am fine with it. Putting my computer network...

6.6AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2020/09/03 3:7 p.m.23 views

The FBI Intrusion Notification Program

The FBI intrusion notification program is one of the most important developments in cyber security during the last 15 years. This program achieved mainstream recognition on 24 March 2014 when Ellen Nakashima reported on it for the Washington Post in her story U.S. notified 3,000 companies in 2013...

7.3AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2023/06/25 6:36 p.m.22 views

Bejtlich Skills and Interest Radar from July 2005

This is unusual. I found this "skills and interest radar" diagram I created in July 2005. It looks like my attempt to capture and prioritize technical interests. At the time I was about to start consulting on my own, IIRC. Copyright 2003-2020 Richard Bejtlich and TaoSecurity...

7.2AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2022/11/18 8:35 p.m.22 views

TaoSecurity on Mastodon

--- I am now using Mastodon as a replacement for the blue bird. This is my attempt to verify myself via my blog. I am no longer posting to my old bird account. Copyright 2003-2020 Richard Bejtlich and TaoSecurity taosecurity.blogspot.com and www.taosecurity.com...

7.3AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2020/05/04 3:51 p.m.22 views

New Book! The Best of TaoSecurity Blog, Volume 1

I'm very pleased to announce that I've published a new book! It's The Best of TaoSecurity Blog, Volume 1: Milestones, Philosophy and Strategy, Risk, and Advice. It's available now in the Kindle Store, and if you're a member of Kindle Unlimited, it's currently free. I may also publish a print...

6.9AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2017/03/14 2:33 p.m.22 views

The Origin of Threat Hunting

--- 2011 Article "Become a Hunter" The term "threat hunting" has been popular with marketers from security companies for about five years. Yesterday Anton Chuvakin asked about the origin of the term. I appear to have written the first article describing threat hunting in any meaningful way. It wa...

7AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2024/05/29 6:42 p.m.21 views

Retrieving Deleted Files on the Commodore C64 in 1987

When I was a sophomore in high school, from 1987 to 1988, my friend Paul and I had Commodore C64 computers. There was a new graphical user interface called GEOS that had transformed the way we interacted with our computers. We used the C64 to play games but also write papers for school. One day...

7.3AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2017/03/21 1:17 p.m.21 views

Cybersecurity Domains Mind Map

Last month I retweeted an image labelled "The Map of Cybersecurity Domains v1.0". I liked the way this graphic divided "security" into various specialties. At the time I did not do any research to identify the originator of the graphic. Last night before my Brazilian Jiu-Jitsu class I heard some ...

6.8AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2023/06/25 7:2 p.m.20 views

My Last Email with W. Richard Stevens

In the fall of 1998 I joined the AFCERT. I became acquainted with the amazing book TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens. About a year later I exchanged emails with Mr. Stevens. Here is the last exchange, as forwarded from my AFCERT email address to my home email. From...

7.2AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2023/06/25 4:13 p.m.20 views

Core Writing Word and Page Counts

I want to make a note of the numbers of words and pages in my core security writings. The Tao of Network Security Monitoring / 236k words / 833 pages Extrusion Detection / 113k words / 417 pages The Practice of Network Security Monitoring / 97k words / 380 pages The Best of TaoSecurity Blog, Vol ...

7.3AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2017/03/15 4:37 p.m.20 views

The Missing Trends in M-Trends 2017

FireEye released the 2017 edition of the Mandiant M-Trends report yesterday. I've been a fan of this report since the 2010 edition, before I worked at the company. Curiously for a report with the name "trends" in the title, this and all other editions do not publish the sorts of yearly trends I...

6.9AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2015/12/10 3:33 p.m.19 views

Domain Creep? Maybe Not.

I just read a very interesting article by Sydney Freedberg titled DoD CIO Says Spectrum May Become Warfighting Domain. That basically summarizes what you need to know, but here's a bit more from the article: Pentagon officials are drafting new policy that would officially recognize the...

6.6AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2023/06/25 4:17 p.m.18 views

Cybersecurity Is a Social, Policy, and Wicked Problem

Cybersecurity is a social and policy problem, not a scientific or technical problem. Cybersecurity is also a wicked problem. In a landmark 1973 article, Dilemmas in a General Theory of Planning , urban planners Horst W. J. Rittel and Melvin M. Webber described wicked problems in these terms: “The...

7.4AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2022/08/10 1:30 p.m.18 views

The Humble Hub

Over the weekend I organized some old computing equipment. I found this beauty in one of my boxes. It's a Netgear EN104TP hub. I've mentioned this device before, in this blog and my books. This sort of device was the last of the true hubs. In an age where cables seem reserved for data centers or...

7.3AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2017/03/17 12:0 p.m.18 views

Bejtlich Moves On

Exactly six years ago today I announced that I was joining Mandiant to become the company's first CSO. Today is my last day at FireEye, the company that bought Mandiant at the very end of 2013. The highlights of my time at Mandiant involved two sets of responsibilities. First, as CSO, I enjoyed...

6.7AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2016/12/18 4:56 p.m.18 views

Check Out My TeePublic Designs

Over the years fans of this blog have asked if I would consider selling merchandise with the TaoSecurity logo. When I taught classes for TaoSecurity from 2005-2007 I designed T-shirts for my students and provided them as part of the registration package. This weekend I decided to exercise my...

6.8AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2016/06/27 3:24 p.m.18 views

Updated PhD Thesis Title

Yesterday I posted Latest PhD Thesis Title and Abstract. One of my colleagues Ben Buchanan subsequently contacted me via Twitter and we exchanged a few messages. He prompted me to think about the title. Later I ruminated on the title of a recent book by my advisor, Dr. Thomas Rid. He wrote Cyber...

6.6AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2024/07/15 1:0 p.m.17 views

My First Book Is 20 Years Old Today

On this day in 2004, Addison-Wesley/Pearson published my first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection. This post from 2017 explains the differences between my first four books and why I wrote Tao. Today, I'm always thrilled when I hear that someone found my books...

7.3AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2023/06/25 4:23 p.m.17 views

Key Network Questions

I wrote this on 7 December 2018 but never published it until today. The following are the "key network questions" which "would answer many key questions about a network, without having to access a third party log repository. This data is derived from mining Zeek log data as it is created, rather...

7AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2022/11/20 2:30 p.m.17 views

Best of TaoSecurity Blog Kindle Edition Sale

I'm running a BlackFriday CyberMonday sale on my four newest Kindle format books. Volumes 1-4 of The Best of TaoSecurity Blog will be half off starting 9 pm PT Tuesday 22 Nov and ending 9 pm PT Tueday 29 Nov. They are here. There also appears to be a daily deal right now for the paperback of Volu...

7.3AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2025/03/25 8:26 p.m.16 views

Creating a Windows Application Using Visual Studio Code, Cline, OpenRouter, and Claude

I just created a Windows 10/11 application that takes square screen captures. I did zero coding myself but used Visual Studio Code, Cline, OpenRouter, and Claude. I got the idea by watching a video on so-called Vibe programming by a YouTuber named Memory. I have zero Windows programming experienc...

7.2AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2016/01/19 7:2 p.m.16 views

Lt Gen David Deptula on Desert Storm and Islamic State

This weekend Vago Muradian interviewed Lt Gen ret David Deptula, most famous for his involvement as a key planner for the Desert Storm air campaign. I recommend watching the entire video, which is less than 8 minutes long. Three aspects caught my attention. I will share them here. First, Lt Gen...

6.8AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2026/06/08 8:57 p.m.15 views

Bill to Create Independent US Cyber Force Wants to Place It Under the US Army

It looks like we're finally making progress towards an independent US Cyber Force: https://www.csis.org/programs/strategic-technologies-program/projects/commission-us-cyber-force-generation However, this bill by Sen Gillibrand to put it under the Army isn't the best idea...

5.5AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2017/02/12 12:59 p.m.15 views

Guest Post: Bamm Visscher on Detection

Yesterday my friend Bamm Visscher published a series of Tweets on detection. I thought readers might like to digest it as a lightly edited blog post. Here, then, is the first ever as far as I can remember guest post on TaoSecurity Blog. Enjoy. When you receive new threat intel and apply it in you...

6.8AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2017/02/09 3:21 p.m.15 views

Bejtlich Books Explained

A reader asked me to explain the differences between two of my books. I decided to write a public response. If you visit the TaoSecurity Books page, you will see two different types of books. The first type involves books which list me as author or co-author. The second involves books to which I...

7AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2016/06/25 6:37 p.m.15 views

Latest PhD Thesis Title and Abstract

In January I posted Why a War Studies PhD? I recently decided to revise my title and abstract to include attention to both offensive and defensive aspects of intrusion campaigns. I thought some readers might be interested in reading about my current plans for the thesis, which I plan to finish an...

6.8AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2017/12/04 4:29 p.m.14 views

On "Advanced" Network Security Monitoring

My TaoSecurity News page says I taught 41 classes lasting a day or more, from 2002 to 2014. All of these involved some aspect of network security monitoring NSM. Many times students would ask me when I would create the "advanced" version of the class, usually in the course feedback. I could never...

7.2AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2016/10/18 3:15 p.m.13 views

Five Ways That Good Guys Share More Than Bad Guys

It takes a lot for me to write a cybersecurity blog post these days. I spend most of my writing time working on my PhD. Articles like Nothing Brings Banks Together Like A Good Hack drive me up the wall, however, and a Tweet rant is insufficient. What fired me up, you might ask? Please read the...

6.5AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2016/01/09 12:22 a.m.13 views

Why a War Studies PhD?

When I begin receiving multiple questions on a topic, it's a signal that I should write a blog post. Several of you have asked me about my experience as a PhD candidate in the King's College London Department of War Studies. In this post I will try to answer your questions by explaining how I got...

6.6AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2025/04/09 4:46 p.m.12 views

Creating a Large Text File Viewer by Vibe Coding with Visual Studio Code, Cline, OpenRouter, and Claude 3.7

I just created another Windows 10/11 application using AI. This is a follow-up to the SquareCap program I posted about a few weeks ago. The problem I was trying to solve this time was opening and searching extremely large text files. I used to use the old Mandiant Highlighter program for this, bu...

7.3AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2017/03/23 2:20 p.m.12 views

Five Reasons I Want China Running Its Own Software

Periodically I read about efforts by China, or Russia, or North Korea, or other countries to replace American software with indigenous or semi-indigenous alternatives. I then reply via Twitter that I love the idea, with a short reason why. This post will list the top five reasons why I want China...

6.7AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2016/01/08 11:0 a.m.12 views

Happy 13th Birthday TaoSecurity Blog

Today, 8 January 2016, is the 13th birthday of TaoSecurity Blog! This is also my 3,000th blog post. I wrote my first post on 8 January 2003 while working as an incident response consultant for Foundstone. Kevin Mandia was my boss. Today I am starting my third year as Chief Security Strategist at...

7AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2015/12/05 2:29 p.m.12 views

Not So Fast! Boyd OODA Looping Is More Than Speed

The name "John Boyd" and the term "OODA Loop" are probably familiar to many of the readers of this blog. I've mentioned one or the other in 2006, 2007, 2009 twice, and 2014. Boyd was a fighter pilot in the Korean war and revolutionized thinking on topics like fighter design and military strategy...

6.7AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2015/11/28 4:6 p.m.12 views

Seven Tips for Personal Online Security

Last year I wrote Seven Tips for Small Business Security, but recently I decided to write this new post with a different focus. I realized some small businesses are in some ways indistinguishable from individuals, such that advice for personal online security would be more appropriate for some...

6.8AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2015/10/03 10:27 a.m.12 views

Personal Info Stolen? Seven Response Steps

Yesterday on Bloomberg West, host Emily Chang reported on a breach that affected her personally identifiable information PII. She asked what she should do now that she is a victim of data theft. This is my answer. First, I recommend changing passwords for any accounts associated with the breached...

6.8AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2017/02/13 11:22 p.m.11 views

Does Reliable Real Time Detection Demand Prevention?

Chris Sanders started a poll on Twitter asking "Would you rather get a real-time alert with partial context immediately, or a full context alert delayed by 30 mins?" I answered by saying I would prefer full context delayed by 30 minutes. I also replied with the text at left, from my first book Th...

6.9AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2015/10/28 3:56 p.m.11 views

A Different Spin on the Air War Against IS

Sunday evening 60 Minutes aired a segment titled Inside the Air War. The correspondent was David Martin, whose biography includes the fact that he served as a naval officer during the Vietnam War. The piece concluded with the following exchange and commentary: On the day we watched the B-1 strike...

6.8AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2016/01/05 4:19 p.m.10 views

2014-2015 Professional Reading Round-Up

At an earlier point in my career, I used to read a lot of technical security books. From 2006 to 2012 I published a series of Best Book Bejtlich Read posts. Beginning in 2013 I became much more interested in military-derived strategy and history, dating back to my studies at the Air Force Academy...

6.8AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2015/10/19 3:37 p.m.10 views

South Korea Signs Up to Cyber Theft Pledge

On Friday the Obama administration secured its second win toward establishing a new norm in cyberspace. The Joint Fact Sheet published by the White House includes the following language: "no country should conduct or knowingly support cyber-enabled theft of intellectual property, trade secrets, o...

6.8AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2015/12/23 9:18 p.m.9 views

A Brief History of the Internet in Northern Virginia

Earlier today I happened to see a short piece from the Bloomberg Businessweek "The Year Ahead: 2016" issue, titled The Best Places to Build Data Centers. The text said the following: Cloud leaders including Amazon.com, Microsoft, Google, IBM, and upstart DigitalOcean are spending tens of billions...

6.9AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2015/10/05 1:13 p.m.9 views

For the PLA, Cyber War is the Battle of Triangle Hill

In June 2011 I wrote a blog post with the ever polite title China's View Is More Important Than Yours. I was frustrated with the Western-centric, inward-focused view of many commentators, which put themselves at the center of debates over digital conflict, neglecting the possibility that other...

6.7AI score
Exploits0
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2025/11/06 6:46 p.m.8 views

I'm Hosting a New Podcast

I'm hosting a new podcast for Corelight. Check out my first episode with our field CTO, Vince Stoffer. Expect new episodes every two weeks. This is no buddy cop discussion -- max content, minimum banter, in about 15 minutes! https://open.spotify.com/episode/0SD2gUvIuB65YFmjjtXfTR...

7AI score
Exploits0
Total number of security vulnerabilities107