Craig Chamberlain

@randomuserid.bsky.social

Five startups, three exits, principal at QRadar, Elastic, Uptycs. Working on applying AI and ML to threat hunting. Organizer of openDR, a group of security researchers and data scientists. https://github.com/opendr-io

56 Followers  |  87 Following  |  17 Posts  |  Joined: 19.05.2023  |  1.6174

Latest posts by randomuserid.bsky.social on Bluesky

I'll also be giving this talk at BSides SW about the PROTOSTAR project. Bottom line, I think AI can help us solve this, but not as a "quick fix" where we throw existing alerts at it, from existing tools. The real question is, are we solving false positives with AI, or are we just monetizing them?

14.11.2025 16:15 — 👍 0    🔁 0    💬 0    📌 0
I'll be presenting the CAUSALITY intrusion prediction project for the third time at BSides Fort Myers November 15. This blog / video combination gives a brief overview of the project and the 132 correct CVE predictions it has made this year.

blog / show and tell is here: lnkd.in/ec-RH4zs

14.11.2025 16:14 — 👍 0    🔁 0    💬 0    📌 0
Reading gzipped CloudTrail files from an S3 bucket directly into a data-frame is possible

28.10.2025 19:17 — 👍 0    🔁 0    💬 0    📌 0
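The post above mentions reading gzipped CloudTrail objects straight into a data frame. The following is an added example, not code from the post or from the OpenDR project: it decompresses a CloudTrail object in memory with the standard library, flattens the nested records into fixed columns, and applies a first hunting filter (rejected API calls). The S3 fetch uses boto3's `get_object` and is an assumption about the reader's environment that is not exercised here; the sample file at the bottom is constructed.

```python
"""Read gzipped CloudTrail log files into flat rows, stdlib only.

Added example (not from the original post). A CloudTrail object in S3 is a
gzip-compressed JSON document of the form {"Records": [ {...}, {...} ]}.
The S3 fetch below assumes boto3 and valid credentials and is not run here.
The sample document at the bottom is constructed for this example.
"""
import gzip
import json

# Columns to keep; nested keys are written as dotted paths.
COLUMNS = [
    "eventTime", "eventSource", "eventName", "awsRegion", "sourceIPAddress",
    "userIdentity.type", "userIdentity.arn", "errorCode", "readOnly",
]


def get_path(obj, dotted):
    """Walk a dotted path like 'userIdentity.arn'; None if any hop is missing."""
    cur = obj
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def flatten_record(rec):
    """Project one CloudTrail record onto the fixed column set."""
    return {col: get_path(rec, col) for col in COLUMNS}


def records_from_gzip(gz_bytes):
    """Decompress one CloudTrail object and return its records as flat rows.

    gzip.decompress works on the raw bytes, so the object never touches disk.
    """
    doc = json.loads(gzip.decompress(gz_bytes).decode("utf-8"))
    return [flatten_record(r) for r in doc.get("Records", [])]


def records_from_s3(bucket, key):
    """Fetch one object from S3 and parse it (assumes boto3 and credentials)."""
    import boto3  # imported lazily so the rest of the module works offline
    body = boto3.client("s3").get_object(Bucket=bucket, Key=key)["Body"].read()
    return records_from_gzip(body)


def failed_api_calls(rows):
    """Rows whose call was rejected by AWS: a cheap first hunting filter."""
    return [r for r in rows if r["errorCode"]]


# Constructed sample: two records in CloudTrail's {"Records": [...]} layout.
SAMPLE_DOC = {
    "Records": [
        {
            "eventVersion": "1.08",
            "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
            "eventTime": "2025-10-28T18:01:02Z",
            "eventSource": "s3.amazonaws.com",
            "eventName": "GetObject",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "198.51.100.7",
            "readOnly": True,
        },
        {
            "eventVersion": "1.08",
            "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/ci/build"},
            "eventTime": "2025-10-28T18:05:44Z",
            "eventSource": "iam.amazonaws.com",
            "eventName": "CreateAccessKey",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.9",
            "errorCode": "AccessDenied",
            "readOnly": False,
        },
    ]
}
SAMPLE_GZ = gzip.compress(json.dumps(SAMPLE_DOC).encode("utf-8"))

if __name__ == "__main__":
    for r in records_from_gzip(SAMPLE_GZ):
        print(r["eventTime"], r["eventName"], r["userIdentity.arn"], r["errorCode"])
```

`pandas.DataFrame(rows)` turns the returned list into the data frame; keeping the flattening in plain Python means the same rows can also feed a CSV writer or a SIEM ingest without pandas installed.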
It is def getting harder to confuse the models with questions like how many legs does a dog or cat have. And they seem to be developing a lot of personality

26.06.2025 23:27 — 👍 0    🔁 0    💬 0    📌 0
My neighbor runs a GC crew and hooked me up with new siding. We discovered a door to a crawlspace under my porch while they removed the old siding and now I be like:

01.06.2025 12:59 — 👍 1    🔁 0    💬 0    📌 0
Here is a quick 2 minute show and tell of OpenDR, a FOSS EDR alternative in Python, simple to set up and use so it is an option in environments where agents are not a cultural fit. If you like it, please give it some stars. And tell us what you want us to add!
github.com/cyberdyne-ve...

01.05.2025 18:50 — 👍 1    🔁 0    💬 0    📌 0
GitHub - cyberdyne-ventures/predictions: A repo for output of an experimental intrusion prediction project

I got my first provable CVE prediction! So here is a prediction I can prove was made forward in time. On the Jan 3 run, my model predicted CVE-2024-12686 was going 'hot.' This CVE was added to the KEV today, ten days later.
www.linkedin.com/posts/activi...
github.com/cyberdyne-ve...

14.01.2025 17:27 — 👍 0    🔁 0    💬 0    📌 0

So there's something like 5-10 million tons of deadwood and brush in the Los Angeles Hills that is essentially kindling. Burning it would make too much smoke.

What about this: remove it all to a national firewood reserve for use in cold weather disaster zones where people heat with wood stoves.

11.01.2025 23:12 — 👍 0    🔁 0    💬 0    📌 0

I'm looking at a Python file someone downloaded and it has hundreds of lines that aren't really supposed to be there. What do we call living off the land in Python? It uses the modules listed above.

09.01.2025 19:53 — 👍 0    🔁 0    💬 0    📌 0

What do we call living off the land in Python?

ftp - for ftp based exfil
email and imaplib - for email collection
scapy - network enumeration, sniffing and creating routes
netfilterqueue - DNS tampering
requests - for using one of 9 proxies
socket, subprocess, sys - reverse shell

09.01.2025 19:52 — 👍 0    🔁 0    💬 1    📌 0
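The two posts above describe a downloaded Python file whose imports map onto exfiltration, collection, sniffing and shell capabilities. As an added example from the defender's side (not the poster's code), the scanner below inventories a file's imports with `ast`, without executing it, and maps them onto the capability labels from the post. It assumes the post's "ftp" means the standard library's `ftplib` and "impalib" means `imaplib`; the reverse-shell label is only raised when `socket` and `subprocess` appear together, since `sys` on its own is in almost every script. The two sample files at the bottom are constructed.

```python
"""Inventory a Python file's imports and map them to the post's capability list.

Added example (not the poster's code). The module-to-capability table follows
the post; 'ftp' and 'impalib' in the post are assumed to mean ftplib and
imaplib. The sample scripts at the bottom are constructed and contain only
import lines and placeholder code.
"""
import ast

CAPABILITIES = {
    "ftplib": "ftp-based exfil",
    "email": "email collection",
    "imaplib": "email collection",
    "scapy": "network enumeration / sniffing / routes",
    "netfilterqueue": "DNS tampering",
    "requests": "HTTP through proxies",
    "socket": "reverse shell",
    "subprocess": "reverse shell",
    "sys": "reverse shell",
}
# The shell label needs both halves; sys alone is not a signal.
SHELL_CORE = {"socket", "subprocess"}


def imported_modules(source):
    """Top-level module names imported anywhere in the file (parsed, never executed)."""
    tree = ast.parse(source)
    found = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                found.add(alias.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            found.add(node.module.split(".")[0])
    return found


def capability_report(source):
    """Return {capability: [modules]} for the modules in CAPABILITIES."""
    mods = imported_modules(source)
    report = {}
    for m in sorted(mods):
        cap = CAPABILITIES.get(m)
        if cap is None:
            continue
        if cap == "reverse shell" and not SHELL_CORE <= mods:
            continue
        report.setdefault(cap, []).append(m)
    return report


def is_suspicious(source, min_capabilities=2):
    """A file touching two or more distinct capabilities is worth a human look."""
    return len(capability_report(source)) >= min_capabilities


# Constructed samples: only imports plus a placeholder body.
SUSPICIOUS_SAMPLE = (
    "import ftplib\n"
    "import imaplib, sys\n"
    "import scapy.all\n"
    "import socket\n"
    "import subprocess\n"
    "\n"
    "def main():\n"
    "    pass\n"
)
BENIGN_SAMPLE = "import sys\nimport json\nimport requests\n\nprint(json.dumps({}))\n"

if __name__ == "__main__":
    for name, src in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, is_suspicious(src), capability_report(src))
```

Parsing with `ast` rather than importing the file matters here: the whole point is to triage something that was downloaded, so it must never be executed by the triage tool. Running the scanner over a site-packages tree first gives a baseline of which combinations legitimate code produces, which is what sets a sensible `min_capabilities`.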
Let's put the CVE list in json instead of CSV, they said
we can have as many nested fields as we want, they said
json is the future, they said, it will be great

03.01.2025 02:47 — 👍 1    🔁 0    💬 0    📌 0

All my abstracts and presentations are written by hand. I don’t think I would have the same confidence presenting AI generated material and that would degrade presentation & engagement

21.12.2024 20:46 — 👍 1    🔁 0    💬 0    📌 0
At a Microsoft event last week, Stephen Wolfram mused that if and when it does become a sentient intelligence, it will not be quite like a human intelligence, but something else entirely.

21.12.2024 20:21 — 👍 0    🔁 0    💬 0    📌 0

What sort of things shocked you, when you were still shock capable ?

21.12.2024 20:10 — 👍 0    🔁 0    💬 0    📌 0

TIL an iPhone can survive 7 minutes in a washing machine and it’s probably fine

21.12.2024 19:53 — 👍 0    🔁 0    💬 0    📌 0
OK this is what I thought; CVSS scores and severity vary for extreme risk CVEs on watchlists like KEV. Which is why I don't think a focus on critical or high severity labels, and associated CVSS scores, is enough.

17.12.2024 03:37 — 👍 0    🔁 0    💬 0    📌 0
Loading the 2024 CVE set into a data frame (it is bigger than it looks)

16.12.2024 23:07 — 👍 1    🔁 0    💬 1    📌 0
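Three of the posts above belong together: loading the 2024 CVE set into a data frame, the complaint about nested JSON fields replacing CSV, and the observation that CVSS scores and severity labels vary widely for CVEs on KEV. The block below is an added example, not the poster's code: it flattens nested CVE records into one row each, joins them against a KEV-style list, and tallies the severity labels of the KEV entries. The field paths (`cveMetadata.cveId`, `containers.cna.metrics[].cvssV3_1.baseScore`, and so on) follow the CVE Record Format 5 layout as assumed here; the CVE records and the KEV CSV are constructed, with obviously fake IDs, not real data.

```python
"""Flatten nested CVE JSON records into rows and cross-check them against KEV.

Added example, not the poster's code. Field paths follow the CVE Record
Format 5 layout as assumed here (cveMetadata.cveId, containers.cna.metrics[]
.cvssV3_1.baseScore, ...). The records and the KEV-style CSV below are
constructed for this example; the CVE IDs are deliberately fake.
"""
import csv
import io
import json
from collections import Counter


def first_cvss(metrics):
    """First CVSS v3.x block in a record's metrics list; (None, 'UNSCORED') if absent."""
    for m in metrics or []:
        for key in ("cvssV3_1", "cvssV3_0"):
            block = m.get(key)
            if block and "baseScore" in block:
                return block["baseScore"], block.get("baseSeverity", "UNKNOWN")
    return None, "UNSCORED"


def flatten_cve(rec):
    """One nested CVE record -> one flat row with the columns a triage frame needs."""
    meta = rec.get("cveMetadata", {})
    cna = rec.get("containers", {}).get("cna", {})
    score, severity = first_cvss(cna.get("metrics"))
    return {
        "cveId": meta.get("cveId"),
        "datePublished": meta.get("datePublished"),
        "title": cna.get("title"),
        "cvss_score": score,
        "cvss_severity": severity,
        "n_affected": len(cna.get("affected", [])),
    }


def load_kev(csv_text):
    """KEV-style CSV with cveID and dateAdded columns -> {cveID: dateAdded}."""
    return {row["cveID"]: row["dateAdded"] for row in csv.DictReader(io.StringIO(csv_text))}


def join_kev(rows, kev):
    """Annotate each flat row with KEV membership and the date it was added."""
    out = []
    for r in rows:
        r = dict(r)
        r["in_kev"] = r["cveId"] in kev
        r["kev_date_added"] = kev.get(r["cveId"])
        out.append(r)
    return out


def kev_severity_breakdown(rows):
    """Severity label counts among KEV entries; shows how mixed the labels are."""
    return Counter(r["cvss_severity"] for r in rows if r["in_kev"])


def cve_record(cve_id, published, score=None, severity=None, n_affected=1):
    """Build a constructed record in the nested shape assumed above."""
    metrics = []
    if score is not None:
        metrics.append({"cvssV3_1": {"version": "3.1", "baseScore": score, "baseSeverity": severity}})
    return {
        "cveMetadata": {"cveId": cve_id, "datePublished": published},
        "containers": {"cna": {
            "title": f"constructed entry {cve_id}",
            "metrics": metrics,
            "affected": [{"product": f"p{i}"} for i in range(n_affected)],
        }},
    }


# Constructed sample set: the year 0000 marks the IDs as fake.
SAMPLE_CVES = [
    cve_record("CVE-0000-0001", "2024-03-01", 9.8, "CRITICAL", 2),
    cve_record("CVE-0000-0002", "2024-05-14", 7.8, "HIGH"),
    cve_record("CVE-0000-0003", "2024-07-02", 6.5, "MEDIUM"),
    cve_record("CVE-0000-0004", "2024-09-09"),  # no CVSS block at all
]
SAMPLE_KEV_CSV = (
    "cveID,vendorProject,product,dateAdded\n"
    "CVE-0000-0002,ExampleCo,Widget,2024-05-20\n"
    "CVE-0000-0003,ExampleCo,Gadget,2024-07-15\n"
    "CVE-0000-0004,ExampleCo,Gizmo,2024-09-30\n"
    "CVE-0000-9999,OtherCo,Legacy,2024-01-05\n"
)


def analyse(cve_json_text=None, kev_csv_text=None):
    """Parse a JSON array of CVE records, join KEV, return (rows, severity breakdown)."""
    records = json.loads(cve_json_text) if cve_json_text else SAMPLE_CVES
    rows = join_kev([flatten_cve(r) for r in records], load_kev(kev_csv_text or SAMPLE_KEV_CSV))
    return rows, kev_severity_breakdown(rows)


if __name__ == "__main__":
    rows, breakdown = analyse()
    for r in rows:
        print(r["cveId"], r["cvss_score"], r["cvss_severity"], "KEV" if r["in_kev"] else "")
    print(dict(breakdown))
```

The flat rows go straight into `pandas.DataFrame(rows)`; doing the flattening by hand instead of `pandas.json_normalize` keeps control over which of several metric blocks wins and makes the "no score at all" case explicit, which is exactly the row type that a filter on critical or high labels silently drops.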
