
Matt Kelly

@breakersall.bsky.social

Threat intelligence, threat hunting, reforming red teamer

85 Followers  |  145 Following  |  15 Posts  |  Joined: 05.02.2024  |  2.2579

Latest posts by breakersall.bsky.social on Bluesky

The Com, criminal hacking ethics, and off-ramps, this talk from Allison is compelling and excellent. Take a watch.

06.08.2025 13:29 — 👍 1    🔁 0    💬 0    📌 0

🚨 Another Internet blackout in Iran has begun at 12:50 UTC (4:20pm local). 🚨

Numerous Iranian service providers now offline in new national Internet blackout.

18.06.2025 13:44 — 👍 6    🔁 3    💬 1    📌 0

Predatory Sparrow are "hacktivists" that happen to be skilled at cyber war.
www.wired.com/story/predat...

17.06.2025 12:30 — 👍 1    🔁 0    💬 0    📌 0

iranian offensive cyber capacities are not resilient or coherent enough to engage in meaningful effects-delivery against hardened targets while their country is actively being blown to shit. also: despite a few minor successes, iran has never matched china or russia in scale of access to USCIKR.

16.06.2025 18:39 — 👍 36    🔁 6    💬 2    📌 2

"Over four months, LLM users consistently underperformed at neural, linguistic, and behavioral levels. These results raise concerns about the long-term educational implications of LLM reliance and underscore the need for deeper inquiry into AI's role in learning."

16.06.2025 12:35 — 👍 515    🔁 267    💬 17    📌 31

Cubs, Royals, and Brewers held Pride Nights today. Notable in Chicago was a community group called “Play Catch with a Dad” that serves members of the LGBTQ+ community who have been disenfranchised by their families.

13.06.2025 03:26 — 👍 203    🔁 51    💬 7    📌 14
11.06.2025 12:23 — 👍 0    🔁 0    💬 0    📌 0

SMB to RCE via Kerberos coercion, nasty vuln and great research. Get patching.

11.06.2025 10:50 — 👍 1    🔁 0    💬 0    📌 0
Security Update Guide - Microsoft Security Response Center

Are you referencing CVE-2025-33073? I think you may have typo'ed 33074
msrc.microsoft.com/update-guide...

10.06.2025 17:44 — 👍 0    🔁 0    💬 1    📌 0

"Don't look for breaches, so we don't have to disclose them"
Is the new "no logs, no breach"

www.nextgov.com/cybersecurit...

10.06.2025 13:20 — 👍 0    🔁 0    💬 0    📌 0

PR teams: just add "with Agentic AI" to end, then full send

27.05.2025 22:11 — 👍 0    🔁 0    💬 0    📌 0

Is the era of the “named actor” done?

As the OG adversary sets diverge, get promoted, or move on

actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)

AND the CTI models maturing…

APTs ⬇️⬇️

UNCs ⬆️⬆️

21.05.2025 20:15 — 👍 28    🔁 8    💬 7    📌 0

Friday vibes

25.04.2025 13:36 — 👍 1    🔁 0    💬 0    📌 0
SonicWall Sonicos Versions 7.1.x and 8.0.x Blog describes how Bishop Fox staff identified a vulnerability in SonicWall SonicOS 7.1.x and 8.0.x in the SSL VPN service and solutions for customers.

I made SonicWall’s hall of fame for this one. Patch your firewalls (again), folks!

bishopfox.com/blog/sonicwa...

25.04.2025 01:53 — 👍 1    🔁 1    💬 0    📌 0

actions on objective, which can be very important to whether the dwell time # is effective. This is easily observed from the differences of a smash and grab ransom, intentionally destructive attacks, to an intelligence gathering long operations.

Good industry metric, not always great inside measure

24.04.2025 14:26 — 👍 0    🔁 0    💬 0    📌 0

While it has a slight uptake this year according to MTrends, hard to say what that means yet. But measuring dwell time without a sophisticated program is perilous as a true measure, as not all incidents or red team engagements are created equal. Dwell time by itself does not correspond with measures

24.04.2025 14:26 — 👍 0    🔁 0    💬 1    📌 0

detection and response team's increased capabilities, but instead because one of the most prevalent breach types started announcing their presence in form of ransom notes.

Dwell time was THE metric to track in offensive engagements and IR for the longest time, then it started falling

24.04.2025 14:26 — 👍 0    🔁 0    💬 1    📌 0

Dwell Time became 'the metric' to track ~10 years ago. Since then it fell from averaging years to days. While this can be correlated with increased D&R capabilities, it also notably decreased from a changing threat landscape. As ransomware grew in popularity, Dwell time decreased regardless of

24.04.2025 14:26 — 👍 0    🔁 0    💬 1    📌 0

Dwell time back?

While Verizon DBIR measured dwell time is still falling, Mandiant MTrends noticed it actually increased for the first time in years, despite record investment in Cyber and increased sophistication in its most important countermeasure, effectiveness of detection & response teams. 🧵

24.04.2025 14:26 — 👍 1    🔁 0    💬 1    📌 0
Challenger Winner of the 2024 Kirkus Nonfiction Prize • Shortlisted for the 2025 Andrew Carnegie Medal for Excellence in Nonfiction • A New York Times Notable...

For fans of root cause of catastrophic (often bureaucratic) failure, such as reports from CISA's Cyber Safety Review Board, recommend Challenger, by the same author of Incident Response required reading Midnight in Chernobyl. #RecommendedReading www.simonandschuster.com/books/Challe...

13.12.2024 02:28 — 👍 1    🔁 0    💬 0    📌 0

Seeing blue skies, even though it is grey here in Chicago.

05.02.2024 16:31 — 👍 3    🔁 0    💬 0    📌 0

@breakersall is following 19 prominent accounts