Richard Bejtlich

I was a captain in the United States Air Force who formally trained as an intelligence officer. I later worked in information warfare. I promoted the concept that "prevention eventually fails" in my first book (2004) and developed tactics, operations, and strategy to detect and respond to nation-state and criminal computer intrusions. I wrote about cybersecurity from 2001 to 2021. I created the GE-CIRT and was Mandiant's first CISO. I currently advocate #NetworkSecurityMonitoring for @corelight. My latest books are here #ad amzn.to/3B2AcMc

2025-07-12

@Xavier @dfirnotes I'm glad you found it useful!

2025-07-12

@dfirnotes Thanks for the mention. "Trusted" vs "trustworthy" is still a problem it seems.

2025-07-08

@suricata congratulations on 8!

2025-07-07

@securityonion congratulations Doug and friends.

2025-07-07

@jerry I’m so sorry Jerry.

2025-07-06

@jerry wild. I was just thinking last week about the IR I did for IM in 2002 as a result of this Romanian guy. justice.gov/archive/criminal/c

2025-07-03

@briankrebs there isn’t even a “security community.” Try opposing the offensive security mindset of the security 1% and you’ll see there is little room for other points of view. It’s why I’m glad I left Twitter almost three years ago. I get much less harassment here.

2025-06-04

@securityonion congratulations!!

2025-05-24

If you'd like to know why IPv6 continues to be a dud compared to IPv4, years after we exhausted all IPv4 addresses, check out this great article by my favorite networking guru, Geoff Huston, in the free and mighty Internet Protocol Journal, issue 28 no 1.

ipj.dreamhosters.com/internet-

Incidentally, I set up my IPv6-only lab, which required tunnel tech, again this past week, 19 YEARS after doing it the first time.

taosecurity.blogspot.com/2006/

2025-05-23

@javiervg @briankrebs I see this too using Librewolf. I think the aggressive privacy features trigger captchas.

2025-05-18

@debian congrats on the release.

2025-05-16

I am loving the fact that Voyager 1 is still alive! cnn.com/2025/05/14/science/voy

2025-05-12

Here’s another reason why you need a balanced approach to detection and response, including #networksecuritymonitoring, and cannot simply rely on the integrity of the endpoint. techspot.com/news/107883-ranso

2025-05-04

@lorenzofb excellent article

2025-05-01

For years I’ve said the Apple iPhone ecosystem overall is far more secure for the average user than Android. Here’s a quantifiable example of how bad the Google Play store has been. It’s good to see Google taking these steps, but the Android ecosystem will remain inferior compared to the vertical integration of the Apple iPhone. techspot.com/news/107745-googl

2025-04-26

The 2025 Mandiant M-Trends report is here. For the first time in the history of the report, global dwell time has increased, albeit only one day, from 10 to 11 days. This is still worrying, as ransom actor extortion demands have pressured the dwell time downward, but for an obviously bad reason. Global detection by source has also moved in the wrong direction, with slightly more external vs internal detection. I fear we have entered the realm of decreasing “returns on security investment,” especially for the security 1-10%.

2025-04-09

I just created another Windows 10/11 application using AI. This is a follow-up to the SquareCap program I posted about a few weeks ago. Details here: taosecurity.blogspot.com/2025/

2025-04-06

@erictopol congrats on your new book! There's nothing like getting a copy in your hands.

2025-04-06

@briankrebs why do we believe he was involved with over 2000 cases? Over a 25 year period, that would be 80 per year. There’s ZERO chance that is true. I know expert witnesses who work single cases for months, even years. Sure, you can juggle several simultaneously, but 80 a year?! More fabrication, even if he had help.
