Posts

Showing posts from 2024

My First Book is 20 Years Old Today

On this day in 2004, Addison-Wesley/Pearson published my first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection. This post from 2017 explains the differences between my first four books and why I wrote Tao. Today, I'm always thrilled when I hear that someone found my books useful. I am done writing books on security, but I believe the core tactics and strategies in all my books are still relevant. I'm not sure that's a good thing, though. I would have liked to not need the tactics and strategies in my book anymore. "The Cloud," along with so many other developments and approaches, was supposed to have saved us by now. Consider this statement from a report describing CISA’s red team against a fed agency: “[A]ttempts to capture forensic data via packet captures occurred directly on the compromised Solaris and Windows hosts, where the red team observed the data being collected and therefore had the opportunity to disrupt collection, tam

Retrieving Deleted Files on the Commodore C64 in 1987

When I was a sophomore in high school, from 1987 to 1988, my friend Paul and I had Commodore C64 computers. There was a new graphical user interface called GEOS that had transformed the way we interacted with our computers. We used the C64 to play games but also write papers for school. One day Paul called me. He was clearly troubled. He had somehow dragged his newly completed term paper into the trash bin instead of the printer. If I recall correctly, back then they were right next to each other (although the screen shot above shows them separate). Paul asked if I knew any tricks that could retrieve his paper. There was no undelete function in GEOS. I subscribed to a magazine called Compute's Gazette, for Commodore owners. I remembered seeing an article in the magazine that included code for undeleting files dropped in the GEOS "Waste Basket." All I had to do was type it in by hand, save it to a 5 1/4 inch floppy, drive to Paul's house, and see if the program would