The core innovation of Sysmon is to turn Windows logs from “Tell me what I’m looking for there’s a billion entries here” into “Give me a few minutes I’ll know it when I see it.” https://twitter.com/cyb3rops/status/1286304099332390912
That is something immensely valuable: The ability to “know it when you see it.” Because the human brain is an incredible creation with unbounded possibility for detection of oblique patterns, when it has JUST enough signal from the noise. When it can say, “I’ll take it from here.”
We are grown in an environment where the human is denigrated. This is a moment of impending machine ascendency. This is a moment of decades in wait.

Through occlusion it’s lost how magnificent the mind is when matured in contexts. Not to scrape by. But to dominate beyond reason.
And yes, there are incredible abilities in both pattern-matching like SIGMA and neural networks. To make machines parse data and catch things distended across timelines of events. It’s shocking how good they can be.

But still, in the wings, is a human. Because a human can reason.
There is an attack type in encryption called a Padding Oracle. And it is something that can only work against a machine. It consists of one machine asking another almost exactly the same question thousands or millions of times to extract data one character at a time by chance.
To read how this works is both incredible, and a lesson.
The machine is executing instructions. That is all we ask of it. Because simplicity is perfection and defense. It does not know the future, the past, or itself.
But in that is also weakness inherent. The patterns it loses.
“Does what I am doing make sense” is a defense across all matters of subversion.

Understand, machines do not have this check in any matter. That’s how both their owners AND attackers exploit them.

Humans, you have to tell them a story.
To a machine, every face is a new one.
“Tell the machine to limit requests from the other machine.”

And this is why you MUST understand the entire stack of what’s happening.

Large networks send all their traffic from the same IP addresses.

The server is behind a load balancer so all requests come from the same IP.
The clients you expect requests to come from are each assigned a unique identifier they always attach. But the attacker has sovereign control of their machine and can change it at will.

How do you write rules for all of this? By someone paid to hedge against chance?

You don’t.
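A defender-side illustration of the rules the thread rejects, added here and not part of the thread: over a constructed access log, counting by source IP lumps in everyone behind the shared NAT address, counting by client id is defeated by an identifier the caller rotates, while a rule keyed on the shape of the requests themselves (consecutive ciphertexts one byte apart that each draw an error, the repeated near-identical question described above) flags the run. The log format and the /decrypt path are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed access-log lines (not from the thread): source_ip client_id path
# ciphertext_hex status. One NAT address carries many clients; the /decrypt
# caller rotates its client id per request and changes one byte each time.
SAMPLE_LOG = """\
10.0.0.5 c-a1 /decrypt 00112233445566778899aabbccddeeff 200
10.0.0.5 c-b2 /decrypt 00112233445566778899aabbccddeefe 400
10.0.0.5 c-c3 /decrypt 00112233445566778899aabbccddeefd 400
10.0.0.5 c-d4 /decrypt 00112233445566778899aabbccddeefc 400
10.0.0.5 c-e5 /decrypt 00112233445566778899aabbccddeefb 200
10.0.0.5 c-f6 /profile 3fa9c2d1e8b7a6f5c4d3e2f1a0b9c8d7 200
10.0.0.9 c-h8 /decrypt 9f8e7d6c5b4a39281706f5e4d3c2b1a0 200
"""
LINE = re.compile(r"^(\S+) (\S+) (\S+) ([0-9a-f]+) (\d{3})$")

def parse_log(text):
    """Parse the constructed lines; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ip, client, path, ct, status = m.groups()
            records.append({"ip": ip, "client": client, "path": path,
                            "ct": bytes.fromhex(ct), "status": int(status)})
    return records

def count_by(records, field):
    """Rules 1 and 2: count by "ip" or by "client". The IP lumps in everyone
    behind the shared address; the client id is a field the caller owns."""
    return Counter(r[field] for r in records)

def bytes_differing(a, b):
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))

def probing_runs(records, min_run=3):
    """Rule 3: per (ip, path), longest run of consecutive requests that are one
    byte apart and draw an error. Looks at the question, not at who asks it."""
    by_key = defaultdict(list)
    for r in records:
        by_key[(r["ip"], r["path"])].append(r)
    flagged = {}
    for key, seq in by_key.items():
        run = best = 0
        for prev, cur in zip(seq, seq[1:]):
            one_off = bytes_differing(prev["ct"], cur["ct"]) == 1
            run = run + 1 if one_off and cur["status"] >= 400 else 0
            best = max(best, run)
        if best >= min_run:
            flagged[key] = best
    return flagged
```

Rule 1 flags the whole NAT address, rule 2 sees seven unrelated clients, and only rule 3 isolates the single (ip, path) pair that is being probed.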