Posts

I Wrote a New Book for Corelight

Image
TLDR: I wrote a new book for Corelight called NDR Essentials . It's free at that link. This is the 10th book that I've authored or co-authored. The rest are all posted at taosecurity.com .    Why? It was time . That’s what I thought when I heard that Corelight wanted to update its 2021 book on network detection and response (NDR). Tamara Crawford, who owned the project, scheduled a meeting with me and asked if I might be interested in helping, depending on who might write the text. I volunteered immediately to write the whole book, but I had a few conditions. The text had to be at least 100 pages long, because 100 pages is my personal dividing line between “book” and “white paper.” I needed the freedom to cover the topics I wanted to address, and to not be told what to write. I wanted to show the four network security monitoring (NSM) data types working in a vendor-neutral manner, with technical details. Finally, I knew this project would take several month...

Bill to Create Independent US Cyber Force Wants to Place It Under the US Army

It looks like we're finally making progress towards an independent US Cyber Force: https://www.csis.org/programs/strategic-technologies-program/projects/commission-us-cyber-force-generation However, this bill by Sen Gillibrand to put it under the Army isn't the best idea. https://www.airandspaceforces.com/new-push-for-separate-cyber-force-builds-but-questions-remain/ I get it -- Navy has the Marine Corps, Air Force has the Space Force, Army has... nothing? But the Coast Guard doesn't slot under anyone either. It would be a step backwards to put Cyber under Army.

Mandiant Global Median Dwell Time Deteriorates from 11 to 14 Days

Image
  Oh snap. My single most important cybersecurity metric deteriorated again.  In the M-Trends report for calendar year 2024, Mandiant’s global median dwell time metric worsened from 10 to 11 days. In the newest report, released today, for calendar year 2025, that metric worsened again, from 11 to 14 days.  In other words, organizations are taking even longer to detect and respond to intrusions. 10 days was already still too much, in a world where teams need to detect and contain in an hour to be effective.  I’m not a doomer. We made amazing progress since 2011, when median global dwellers time was over 400 days. But, two bad years in a row has never happened. Before last year, the metric had always improved! It’s possible Mandiant is just dealing with ever tougher cases. I have to dig into the full report. 

Happy 23rd Birthday TaoSecurity Blog

Image
  Happy birthday TaoSecurity Blog, born on this day in 2003! The best way to digest the key lessons from this site is to browse my four volume Best of TaoSecurity Blog book series , published in 2020. It's available in print as seen here, or as a properly formatted HTML-based digital book -- none of that PDF-based fixed format nonsense. Each book is a theme-centric collection of posts with new commentary for each entry. Some of what I wrote stood the test of time, and some did not. See what you think. Or, just scroll backwards through this site. Thank you to Blogspot and Google for hosting this blog for the last 23 years! This is post number 3,094 by the way.    

We have achieved FreeBSD 15.0-REL with KDE Plasma

Image
  Houston, we have installed #FreeBSD 15.0-REL with KDE Plasma 6.4.5 on a Lenovo ThinkPad X1 Carbon Gen 6 laptop. I have come full circle. I used to daily drive FreeBSD 5.x on a Thinkpad a20p in the early 2000s. Today I used the "technology preview" method for pkg installation, too. I posted this from the laptop, of course!! Thanks to everyone who made this possible, including the parties who made the script to install KDE with one command.

I'm Hosting a New Podcast

Image
  I'm hosting a new podcast for Corelight. Check out my first episode with our field CTO, Vince Stoffer. Expect new episodes every two weeks. This is no buddy cop discussion -- max content, minimum banter, in about 15 minutes!  https://open.spotify.com/episode/0SD2gUvIuB65YFmjjtXfTR https://podcasts.apple.com/us/podcast/corelight-defendrs/id1843154362 https://www.youtube.com/watch?v=IgmZxV2OP9k

Creating a Linux Application Using VSCodium, Cline, OpenRouter, and Claude

Image
In March I created a Windows Application Using Visual Studio Code, Cline, OpenRouter, and Claude . This was a program that created square screen captures. The user doesn't need to manually ensure the dimensions are a square. The program makes the window grow and shrink while keeping the length equal to the height.      In June I created an equivalent program on Linux using VSCodium, Cline, OpenRouter, and Claude.   I provided this prompt, which I derived from the last project.   ==    Create a graphical Linux application to take screen captures with the following features: Square Region Selection: Enforces a 1:1 aspect ratio during region selection 1:1 Aspect Ratio: Ensures all captures are perfectly square PNG Output: Saves high-quality images in PNG format Preview: Shows the captured image before saving Dark Mode by Default: Toggle to light theme if desired Square Interface: The application window itself uses a square ratio Default Save Location:...