Husband \\ Dad \\ Veteran 🇺🇸 \\ Cybersecurity is my jam \\ Smokin’ meats as often as I can \\ Assume sarcasm

Joined August 2020
Pinned Tweet
READ ---> Joint CSA from FBI, CISA, NSA, EPA, DOE, and CNMF: Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

---------- break ----------

I'm going to sum up the long-winded rant I just hit my wife with into: There's zero reason to have an HMI publicly exposed other than it being a honey pot. Z E R O

None of that cybersecurity marketing bullshit organizations fall for and implement is going to save them from terrible network and system hygiene. They must take control of those environments and secure them... YESTERDAY.

Her response: Why are you telling me, tell them. 😅

---------- break ----------

Check your logs for the IOCs listed within the CSA. If you find any hits, engage an incident response firm. Publicly exposing an HMI suggests your current team likely lacks the capacity to properly and thoroughly investigate and remediate this. Bring in qualified external help to review the situation and get your systems and environment secured.

---------- break ----------

For the security teams overseeing OT infrastructure: There are too many people that rely on you to protect critical infrastructure, and it seems your orgs are failing to do so. Respectfully, get your shit together. It's not rocket science to put some security controls in front of these environments. I understand execs push back; flood them with every shred of evidence of attacks on OT environments and the outcomes of such. When something happens, you did what you could and hopefully their disinterest leads them to being held accountable.

cisa.gov/news-events/cyberse…
Todd retweeted
.@GreyNoiseIO Swarm sensors can now (optionally) get compromised, without introducing any risk to the rest of your network. We're monitoring dropped/executed files, commands executed, other host/OS level behaviors, all mapped to MITRE ATT&CK techniques. Without any agents. Live in our environment now- rolling out to Swarm customers soon. Every attack we detect is one we're able to better inform and defend defenders about, and every tool, exploit, backdoor we get our grubby little hands on directly correlates to pain, frustration, and cost imposition against attackers. Shoutout Rob Fontaine and Pablo Bidwell. Insane work. Yall are savages.
Headed into work like….
Todd retweeted
GreyNoise At The Edge Intel Brief (June 1-8, 2026) This week attackers went after the front door of remote access — RDP, SSL VPN, router management — not new CVEs. 🔗 greynoise.io/resources/at-th…
It's my off-day, and I'm already sitting here staring at @lennyzeltser and working through SANS FOR610 on-demand.
Todd retweeted
To be clear, this is the kind of patch where you apply the damn patches immediately for all public-facing systems. @CISACyber 's 72 hours thing is too generous, even.
It's the bug of the month for June 2026! CVE-2026-45657 - A CVSS 9.8 vulnerability in Kernel that allows remote, unauthenticated code execution at SYSTEM without user interaction. Yikes!
Hmm, if everything is critical, nothing is critical…
CISA will soon release a directive pushing agencies to stop treating every cyber vuln as equally urgent, acting director Nick Andersen said. “If we try to say that everything is equally as important, then absolutely nothing’s going to be important.” nextgov.com/cybersecurity/20…
This was a fun place to work when I was there. I hear the culture is still pretty good from the 10 or so people I still talk to over there from time-to-time. The total comp and PTO was great too, and I'm sure it still is.
Hi, I’m hiring a Director of Detection Engineering and Threat Hunting. It’s my role, so if your work history is like mine you might be a good candidate. Read more: job-boards.greenhouse.io/hun…
Todd retweeted
Hi, I’m hiring a Director of Detection Engineering and Threat Hunting. It’s my role, so if your work history is like mine you might be a good candidate. Read more: job-boards.greenhouse.io/hun…
No matter what all those self-described "iNfLuEnCeRs" on LinkedIn tell you; growth in one thing requires sacrifice of something. It's up to you to choose what you sacrifice. You can't do it all.... This was prompted by one of their posts. I swear the most ridiculous things I read come from LinkedIn (and Reddit when I dare go there 🤣).

The books have arrived…. Time to lock in.
Hell yeah!
Arrived…
Don't forget that @nostarch has 40% off through Monday. Here's my cart at the moment.
Todd retweeted
We’ve uploaded the Advanced Malware Binary Triage launch stream from last Friday. Throughout this stream, we provided an overview of the course, answered questions and analyzed a piece of malware with Binary Ninja and dnSpy. Enjoy!
“Sir, you can’t park there” This happened to my buddy’s house in a residential neighborhood with a speed limit of 20mph. The driver was definitely well over the limit. All parties are okay. Had it not been for the fire hydrant the guy hit prior to ramming into the house, the vehicle likely would’ve been much closer to the bottom floor window and crashed into the master suite on the lower level. His wife was in there with their youngest child. It likely totaled the vehicle that was in the garage. Which leads me to wonder how much further would that truck have made it if the vehicle wasn’t in the garage. My buddy did not have ‘2026 Ram crashes into my house’ on his bingo card. Lastly, pay attention when you’re driving and put down your damn phones.
You interested in hacking and want to red team the government? CISA’s red team has an opening! Our assessments are typically 90 days and we’re performing actual red team work here. Check out the opening, and let me know if you have any questions! usajobs.gov/job/871378500

Todd retweeted
The May NoiseLetter is live! Early warning signals, blocklist gaps, and a SonicWall spike that echoes the pattern that preceded a CVE: greynoise.io/resources/noise…
“Suddenly”…. 🤣
JUST IN: Sam Altman says AI budgeting has suddenly become a “huge issue” for companies.
After actively scrolling for 10 minutes or so, I'm so grateful that I'm disconnected from the world during my workday for the most part. I don't know how people spend so much time on here and not go crazy.....
Hell yeah!
The last 6 days have been full of rain, but the break from work was needed regardless of the weather. I got to disconnect and just be a dad and husband, and for that, I'm grateful.

Todd retweeted
The view every time I turn the corner from the kitchen and my office door is open. Cc: @_Invadergirl