JD Work @HostileSpectrum Twitter profile

Last Seen Profiles

@starshiny

@aga_buczynska

@IsraelIstanbul

@binarydances

@pmoorthy21

@DSABasketball

@TheWolfLurks

@propergandar

@aimirror_app

@Martha_Gil_

@viodegas

@MediaTek

@masterchefbr

@brokenrider27

@BCUGridiron

@MersthamFC1892

@IAmMarcAlexandr

@Malume_J_Rupert

@RobbyDischer

@NewTechFootball

@evdeenss

@Dvane

@GromNaN

@jlcookri

@TQuifes

@MiriamHessen

@Necrovlr

@HollyLynchez

@ENTETU4

@hannamykhailova

@IramMedya

@sacbabi

@heng_pung_lee

@bl00dy_pupet

@Mechazawa

@Eckaslol

JD Work

@HostileSpectrum

2 years

This Uber verdict really is going to destroy CISO positions. If one can brief legal, obtain approval by the CEO, & still be hung out to dry for response actions that a hundred other firms have likely taken with far less structural cover, then there can't be enough $$ to sign on

33

104

808

JD Work

@HostileSpectrum

5 years

TFW you are passing through a border police checkpoint and the screen is merely showing “exploit.bat”. @ANSSI_FR may wish to look at network at CDG airport.

9

139

410

JD Work

@HostileSpectrum

2 years

Unconfirmed reports from ransomware continuing criminal enterprise that a major technology sector victim has executed reciprocal intrusion, encrypting threat actor's own infrastructure. Not the first private sector CCO if true, just rare example where adversary acknowledges

18

76

398

JD Work

@HostileSpectrum

2 years

A lot of cyber intel shops are in wartime ops tempo for the first time. Remember mandatory rest cycles. Keep in mind battlefield rhythms in combatants time zone, & across their reachback teams. Rotate folks that are up, & make sure formal handoff briefs happen. It gets worse yet

9

73

380

JD Work

@HostileSpectrum

3 years

In the style of @xkcd , types of cyber threat finished intelligence papers.

3

54

254

JD Work

@HostileSpectrum

3 months

The uninitiated reacting to Linux mailing list exchanges, for the first time realizing that one of the most complex things ever built by human hands that drives their phone, entertainment, car, banking, medical care, food & retail, power, & water exists because one man…

4

36

143

JD Work

@HostileSpectrum

2 years

The number of replies in this thread that fail to recognize the unprecedented nature of criminal charges for a dispute over the extent of incident disclosure, imposed retroactively, is precisely why future CISO candidates will be watching reactions to this case & walk away

5

6

138

JD Work

@HostileSpectrum

2 months

@mr_james_c Bulterian jihad consequences. Mentat capacity becomes bottleneck to complex financial instruments. Otherwise calculating variables across interstellar distances and at generational time scales of an ossified feudalist empire becomes impossible.

1

2

113

JD Work

@HostileSpectrum

2 years

If you are watching more than a half million dollars change hands for a jpg, you are looking at money laundering, or something so close to it as to be functionally indistinguishable.

2

22

101

JD Work

@HostileSpectrum

4 years

The full cryptanalytic story behind these intercepts & breaks is likely to be groundbreaking. The use of such intelligence in this context is also nearly unprecedented.

Christo Grozev

@christogrozev

4 years

In a long, encrypted phone call (apparently not too well encrypted), Putin aide Surkov coaches Boroday, and takes requests from him. They both laugh after Boroday explains Donetsk is a "humanitarian disaster" that will need to survive on Russian aid.

5

228

372

0

33

95

JD Work

@HostileSpectrum

2 months

@mikko Cries in .zip

2

0

101

JD Work

@HostileSpectrum

7 months

@AmyZegart It was not OSINT that led to this. It was uncritical media simply relaying adversary propaganda issued within minutes of events. As in many earlier cases. This time they were called on it.

5

15

91

JD Work

@HostileSpectrum

2 years

Russian legalization of software piracy 🏴‍☠️ in the face of de facto economic blockade has very different meaning in cloud era, will effectively require ongoing intrusion to sustain some options. Anticipate state support & new ops initiated against novel target problems.

3

29

86

JD Work

@HostileSpectrum

1 year

Offensive implant devs seem to have a new option to avoid high bandwidth exfil of full audio take from compromised targets by generating automated transcripts at the endpoint. Pair with lightweight selectors to flag topics in selected segments for priority review. P&E to edge

2

24

86

JD Work

@HostileSpectrum

2 years

Interesting analysis. I would argue however it is not that GRU is suddenly incompetent, but rather that their tradecraft had never really been tested by the contemporary ops environment in a way that had forced US & other services to evolve. First time facing new realities

Modern War Institute

@WarInstitute

2 years

"There are two possible explanations for an apparent operational breakdown of this scale: either one of the most elite elements within the GRU has become grossly incompetent, or the Kremlin has been scattering breadcrumbs deliberately."

2

13

46

1

14

82

JD Work

@HostileSpectrum

1 year

First the story about alleged covert action against Nord Stream supposedly involves a whole fleet exercise & fancy new sonar tech built for purpose. Now the tale shifts to something about a yacht with a commando crew. Next we are gonna find out it was a drunken fisherman’s boat…

1

5

78

JD Work

@HostileSpectrum

2 years

The mental gymnastics required of those who wish to downplay or ignore offensive cyber ops in Ukraine are becoming increasingly elaborate. Especially as delay in reporting of more recent incidents, & continued limited victimology disclosure, impose greater lag in intel picture

2

25

68

JD Work

@HostileSpectrum

3 years

How a state treats its former mercenaries says much about the prospects of its combat power in times of future need.

3

19

73

JD Work

@HostileSpectrum

1 year

Perhaps if some 30K+ vehicles had not been abandoned in Afghanistan we would not have to debate how quickly DOD recapitalized its transport for electric. Especially given the far higher priority spend for things that will be needed for fight in Pacific mud, jungle, & salt water

2

21

70

JD Work

@HostileSpectrum

3 years

Cyberpunk AF, in the oldest of schools...

2

11

73

JD Work

@HostileSpectrum

6 months

Remembering today those who go into harms way, in services military and strategic

2

13

70

JD Work

@HostileSpectrum

4 years

Given magnitude of current public health crisis, it is well past time to consider prompt .mil responses to ransomware against medical sector targets. Up to & including options for lethal kinetic actions. Break a hospital for profit during pandemic & be treated like a war criminal

abuse.ch

@abuse_ch

4 years

I really hope that bad guys step back in the coming weeks and do not attack & encrypted hospitals with ransomware #coronavirus

14

39

134

3

18

67

JD Work

@HostileSpectrum

2 years

The Russian military is used to thinking about fighting those who have to go to war with the equipment they have. Facing an agile, responsive group of hardcore engineers that can ship updates under fire to gear that is built for this is simply outside of their military experience

Elon Musk

@elonmusk

2 years

@SpacePadreIsle Some Starlink terminals near conflict areas were being jammed for several hours at a time. Our latest software update bypasses the jamming. Am curious to see what’s next!

997

3K

24K

2

15

68

JD Work

@HostileSpectrum

2 months

Every time one sees an official advocating for a ransomware payment ban, the correct response is not to debate the policy failure modes that result from such a proposal. It is to call out that having failed to provide for the common defense & thereby abdicated Westphalian…

7

13

67

JD Work

@HostileSpectrum

2 years

@Dave_Maynor Criminal verdicts make this an entirely different proposition. Esp when the lawyer that was intended to keep proposed courses of action within boundaries of what was permissible is granted immunity, whilst GC maintains plausible deniability.

4

3

63

JD Work

@HostileSpectrum

2 years

Pleased to note that my paper on "Offensive Cyber Operations and Future Littoral Operating Concepts" has been published in Military Cyber Affairs. Given the recent focus on ships fighting forts, it is more timely than expected when the research started.

Offensive Cyber Operations and Future Littoral Operating Concepts

Introduction of new ground-launch cruise missile options to hold adversary naval targets at risk in order to support conventional deterrence objectives through sea control and sea denial missions is...

digitalcommons.usf.edu

1

19

65

JD Work

@HostileSpectrum

3 years

It seems we are apparently now less than a generation out from an autonomous UAV swarm tracing a Langford fractal over a major urban area. Mass basilisk stare as performance art, via poison pen culture jamming of political / corporate advertising

3

11

59

JD Work

@HostileSpectrum

6 months

If the international community wanted to be serious about hostage release it would not be talking payment & concessions but rather countervalue economic targeting of HAMAS leadership finance, including through offensive cyber ops, for every soul abducted every day held

2

22

64

JD Work

@HostileSpectrum

1 year

Seeing tactical COMINT from the battlefield routinely published openly by a state service engaged in active combat within 48-72 hours of collect will never cease to be entirely surprising. This is a level of visibility unprecedented in war since the introduction of signal service

0

13

64

JD Work

@HostileSpectrum

2 years

Space based commercial ELINT, much like overhead SAR, is a game changing development for OSINT.

0

15

61

JD Work

@HostileSpectrum

4 years

That moment when CNO & illegals programs are burned so hard in the same week that it costs the CPC a consulate, & station is forced to execute a crash teardown.

Washington Examiner

@dcexaminer

4 years

. @HoustonFire responded to reports of fires breaking out inside the consulate, but were not able to enter because of Chinese sovereignty. Chinese officials were reportedly burning documents in the consulate's courtyard.

3

16

28

3

11

58

JD Work

@HostileSpectrum

11 months

The fact that the former Oculus business unit could not provide their executives with advanced warning of design form & tech specs for the most significant new entry to the VR / AR marketplace is perhaps the worst competitive intel failure acknowledged in quite some time.

3

2

62

JD Work

@HostileSpectrum

11 months

Irregular warfare in Russian rear lines, & associated disputes between mercenary warlords, is giving off some serious early 1600s vibes right now. More than half expecting another False Dmitri to emerge, cementing a neo smuta.

2

6

61

JD Work

@HostileSpectrum

7 months

Background checks for 3D printers is as abhorrent to a free society as government licensing of printing presses.

4

9

61

JD Work

@HostileSpectrum

3 years

One suspects that attempts to purge open source offensive tooling from common public code repositories may well merely worsen the current proliferation problem space through greater information asymmetries, & opportunities for adversaries to abuse more closely knit red team COI

Dave Kennedy

@HackingDave

3 years

GitHub is increasingly becoming a place we need to be concerned with on the offensive security and research side.

24

100

516

4

17

57

JD Work

@HostileSpectrum

2 years

Ultimately these cases come about because of abdication of government responsibility to protect the trade & industry within their states. Government monopoly on legitimate violence, even virtual, is granted by contract to defend those who forgo own recourse. Abandon this at peril

1

7

59

JD Work

@HostileSpectrum

6 months

Further evidence in the revolution in intelligence affairs, as commercial space situational awareness tracks what they assess is an attempted clandestine deployment of an overhead ELINT satellite. One infers that TsNIRTI & ROSCOSMOS will be forced to react in future launches.

LeoLabs

@LeoLabs_Space

6 months

⚠️ We've detected a secondary object in close proximity to Object C, a payload released by Russian satellite COSMOS 2570 around October 30. Our radar measurements indicate that this newest object was released by Object C, possibly on November 23 at 14:00 UTC.

18

261

1K

2

26

61

JD Work

@HostileSpectrum

9 months

Network analysis, the hard way. But proof that the best intel orgs have always thought in graph...

Bletchley Park

@bletchleypark

9 months

This floor-to-ceiling diagram, known as a Morrison Wall, was created by Bletchley Park's SIXTA team. SIXTA were tasked with mapping enemy communications, figuring out who was talking to who. You can find out more about SIXTA over on our podcast ⬇️

5

79

251

4

15

59

JD Work

@HostileSpectrum

11 months

If Google can’t stop it’s serial product murder spree from killing something as fundamental as domain services, there is almost no chance that it will sustain expensive, esoteric AI platforms should customers be foolish enough to anchor mission critical functions to empty hope

4

10

59

JD Work

@HostileSpectrum

9 months

@RoyalMarines Small boats, daring men... Godspeed to those taking the fight to the enemy.

0

4

58

JD Work

@HostileSpectrum

24 days

I have been struggling for more than a week to find any words that would do justice to the loss we have suffered in the death of @Calaquendi44 . She was the best of us. When speaking of the fragility of capabilities pipelines her work was so often the illustrative case, as she…

Margin Research

@Margin_Research

27 days

Statement on the passing of Sophia d’Antoine, CEO and founder of Margin Research @Calaquendi44

0

122

338

1

16

58

JD Work

@HostileSpectrum

2 years

Case also illustrates several fallacies of common strawman arguments against private sector hackback. Targets can be identified, & collateral damage can be avoided with professional planning & execution. Motivations are not merely revenge, & outcomes are not simply emotional lvl

1

3

56

JD Work

@HostileSpectrum

1 year

Since there is much focus today on evaluating long range estimative accuracy, let us look back at 1923 forecasts of war in 2023. Starting of course with prehistory of cyber, in one of the earliest assessments of SIGINT strategic value: which could have been written about RUS-UKR

1

13

57

JD Work

@HostileSpectrum

2 years

From victim's perspective, this is a damage limitation operation. It prevents leaks for further extortion pressure, reduces potential loss of proprietary info & trade secrets, & provides strong bargaining leverage in negotiations with criminal actor

2

1

56

JD Work

@HostileSpectrum

2 years

I am pleased to note that my article looking at conditions under which counter-cyber operations may risk escalation has been published @Intel_IJIC . It explores multiple scenarios in which loss of espionage & direct action access in crisis might lead to war

Burned and Blinded: Escalation Risks of Intelligence Loss from Countercyber Operations in Crisis

As the limitations of purely defensive cyber operations continue to be demonstrated in the continuing pressure of hostile cyberthreats, the U.S. government has introduced new doctrine to shape coun...

www.tandfonline.com

3

16

57

JD Work

@HostileSpectrum

6 months

Folks studying contested logistics ought well take note of port protests over past few days. & expect exponentially worse on first days of next war, as cadres & fellow travelers are mobilized to make good on those longstanding paychecks at what will be the worst time for delays…

2

15

56

JD Work

@HostileSpectrum

3 years

I remain uninterested in analysis of cyber threats that does not actually look at any hostile observables. Making word clouds out of Beltway fog does not produce insight. Nor does attempts to mash various glossy statistics together absent any understanding of underlying incidents

4

11

57

JD Work

@HostileSpectrum

4 years

Once again live cases entirely invalidate the argument for mandated backdoors. Sufficient investment in the cryptanalytic & offensive cyber enterprise, for use solely against narrowly selected targets, can & will meet mission requirements without arbitrary insecurity by gov fiat

[email protected]

@CodeColorist

4 years

One bug was introduced by iOS 6. Another one was introduced by iOS 3. That is, this grandpa bug also affects the very first generation of iPhone. It has survived more than 10 years. Honestly I don’t believe that I’m the first one who found this.

11

36

227

1

11

55

JD Work

@HostileSpectrum

5 months

Dying for the needs of the service is easy. Doing more than twenty years in gulag because the adversary turned the asset you were trying to save is a whole different level of hard. Never forget the sacrifices of those who came before.

NCSC

@NCSCgov

5 months

#OTD 1952, @CIA officers John Downey and Richard Fecteau were shot down in a C47 over China trying to exfiltrate an agent. Unknown to them, the agent had been captured & turned to lay a trap. Both officers were captured by China. Fecteau was released in 1971, Downey in 1973.

7

17

60

2

14

54

JD Work

@HostileSpectrum

1 year

The detail that jumps out the most in this new revisionist tale is the supposed detection of explosive residue on a table aboard a yacht. & no journalist thought to ask the basic question of how such residue would be transferred from a properly waterproofed IED to said table.

1

4

53

JD Work

@HostileSpectrum

2 years

History, in cipher.

0

17

53

JD Work

@HostileSpectrum

4 years

Expect similar lawfare tactics to expand to cyber threat intel firms attributing intrusions to .cn nexus actors. Truth is an absolute defense, but the process is punishment.

Adrian Zenz

@adrianzenz

4 years

Breaking: Beijing threatens to sue me for libel (slander). An unprecedented threat against a foreign academic. Also likely designed to intimidate media outlets & others re collaborating with me, or doing similar research. Attempt to isolate myself (and ASPI).

170

887

2K

3

18

51

JD Work

@HostileSpectrum

3 years

Long term cognitive corrosion: Search is increasingly just broken. Censorship, bots, & manually interactive malign influence campaigns poison what little discourse is possible in narrow slivers of ad-choked UI. Subscription services outputs have fallen, & become ever more shallow

1

11

52

JD Work

@HostileSpectrum

9 months

That employees of a firm working on behalf of sanctioned state intel services for a regime engaged in a war of territorial aggression are allowed to attend a cybersecurity industry conference unchallenged by organizers or other attendees is a travesty. This does not get better…

3

19

50

JD Work

@HostileSpectrum

3 years

It says something about the anticipated level of coming civil unrest when sophisticated denial & deception to protect critical infrastructure not only makes sense but immediately inspires further demand.

Dan Ports, @[email protected]

@danrkports

3 years

This is a fascinating data center disguised as a McMansion, and it can be yours for only $989k!

78

243

2K

3

9

51

JD Work

@HostileSpectrum

3 years

Unexpectedly an entire generation of hackers suddenly had serious financial incentives to upskill on GPU driver reversing & modification (even if only to cash cryptobro paychecks). Will likely be able to trace the genesis of many future firmware implants found downstream ITW here

2

15

50

JD Work

@HostileSpectrum

1 year

Pleased to see that a new article by Richard Aldrich and I has just dropped open access @IntelNatSecJnl . Here we look at the declassified record of @GCHQ in securing Project Spaceman, an early UK MoD mainframe built by ICL

Project Spaceman: early British computer security and automatic data processing

Much has been written about the prehistory of ‘cyber’ and computer security in the United States, but we know less about other countries. This essay seeks to examine early British efforts in this f...

www.tandfonline.com

1

23

50

JD Work

@HostileSpectrum

1 year

Exceptionally excited to see @Maxwsmeets & @BobbyChesney book looking at cyber as an intelligence contest now in hardcopy from @Georgetown_UP . I am honoured to have contributed a chapter assessing private actors who are involved in cyber conflict “by way of necessity”.

3

8

51

JD Work

@HostileSpectrum

1 year

NBD, just a researcher at #CYBERWARCON disclosing APT28 attributed compromise of SATCOM with impact to natural gas pipeline operators in spring of this year… your shop did have this targeting interest on your I&W matrix before threat action was disclosed, didn’t you?

1

18

48

JD Work

@HostileSpectrum

9 months

@MicroSFF The basic function for wormable malware delivery, invented in arcane form. The curse payload that follows becomes more interesting thereafter...

1

0

50

JD Work

@HostileSpectrum

4 years

@RidT Re intel visibility, one may also suggest that whatever window that offered this insight may now be closed, given willingness to leverage in indictments. Or the stakes of impressing upon the Kremlin the degree of which they have been burned matter more, to prevent new adventurism

1

4

45

JD Work

@HostileSpectrum

4 years

Somewhere an officer or analyst needs to hear this: You may one day find yourself the repository of unique insight on tradecraft or target. Do not let others hold you back from cultivating & sharing properly. Keep pushing one day your work may be more pivotal than you can imagine

3

14

49

JD Work

@HostileSpectrum

2 years

The Starlink constellation reaching the 3500 sat threshold this week with little fanfare seems to at last prove retroactively that BRILLIANT PEBBLES was a viable concept of operations, & that marginal cost ratios could be met. What if the adversary leverages this knowledge first?

2

13

48

JD Work

@HostileSpectrum

3 years

In the 90s, concern over possible deliberate maritime oil release due to ongoing Middle East conflict prompted a standing DOD mission to monitor & prepare crisis response options. By the 20s, just another day in ongoing .sy war, tracked in OSINT via overhead multispectral & SAR

Wim Zwijnenburg

@wammezz

3 years

We're continuing to monitor the oil spill from Baniyas in #Syria and the cross-boundary marine pollution risk for Cyprus and Turkey coasts. Here's the latest @sentinel_hub S-1 SAR imagery from Sept 4 & 5 showing the oil steamers moving north and west due to wind and currents

3

39

81

1

9

48

JD Work

@HostileSpectrum

10 months

Several shipping containers worth of autonomous Skyborg / Loyal Wingman UCAVs strapped to the deck of light amphibs in disaggregated ops are likely to prove more decisive in the war that is coming than entire carrier strike groups

Dr Emma Salisbury

@salisbot

10 months

Annoy a navalist in one tweet

371

10

153

3

19

47

JD Work

@HostileSpectrum

1 year

The first decisive indication that classical encryption algorithms have been broken by novel quantum cryptanalytic attack will almost certainly be a large number of dead human intelligence assets

4

2

48

JD Work

@HostileSpectrum

2 months

Not just Vietnam era. Somewhere there is a picture of me & some folks circa mid 90s running RHIBs in an exercise against a nuclear power facility, all wearing woodland over (rather muddy) jeans; after a long night supporting insertion & exfil of the cool kids.

U.S. Naval Institute

@NavalInstitute

2 months

During the Vietnam War, it was not uncommon for U.S. Navy SEALs to wear blue jeans in combat. In the jungle environment, the SEALs found that Levi's jeans were more comfortable and durable than their issued fatigue pants. Plus it made a fierce fashion statement. #FunFactFriday

37

207

1K

3

12

45

JD Work

@HostileSpectrum

1 year

Tired: F-22 as an exquisite sensor that brings unprecedented situational awareness to ensure battlespace dominance Wired: Conflicting pilot accounts prevent DOD from describing unknown contact engaged over domestic airspace Inspired: Commercial overhead IMINT platforms weigh in?

2

16

46

JD Work

@HostileSpectrum

2 years

Imagine an alternate history in which Germany possessed not only energy security & resilience but also a sufficiently robust offensive cyber program to hold .ru gas infrastructure at risk, as mutual counter-value response to attempted economic coercion.

6

5

47

JD Work

@HostileSpectrum

2 years

A new issue of @Intel_IJIC has finalized. For those folks obsessed with Russian intelligence service behavior, includes a look at doctrine & practice for operational games & combinations towards disinformation objectives.

Operational Disinformation of Soviet Counterintelligence during the Cold War

During the Cold War, the USSR (Soviet Union) and the United States were in a state of permanent political and thus information and psychological competition, conducted using various methods and for...

www.tandfonline.com

1

14

46

JD Work

@HostileSpectrum

2 years

When researchers said no more free bugs, they were serious. This includes red teams. If vendors fail to appropriately incentivize disclosure against prevailing market rates, somebody is gonna pay the bills.

2

18

45

JD Work

@HostileSpectrum

4 months

Given Hamas operational history delivering incendiary devices via balloon, one cannot rule out that airport “protest” may serve as a dry run for attack against flights. Whether on approach or departure, or on flight line (especially when fueling). Calls for immediate anti…

4

22

47

JD Work

@HostileSpectrum

1 year

If as an intelligence professional you spend your time yelling about politics in public & industry forums, do not be surprised when one day you find your product ignored, because consumers & leadership remember comportment, or lack thereof. Politicization will be presumed to have…

1

13

45

JD Work

@HostileSpectrum

2 years

I am starting to believe the Russian army might well lose this thing. It is perhaps one of the most dramatic reversal of fortunes in war in history. & it essentially happens 1st as an intelligence victory. The prospect of VVP desperate in defeat may be worse than if he had won.

2

11

44

JD Work

@HostileSpectrum

1 year

Bellingcat rolling through GRU officers all living in the same apartment building like early 2000s Crystal City landlords.

0

5

45

JD Work

@HostileSpectrum

11 months

Tactical SIGINT along the M2 highway is almost certainly the highest priority collection target in the world... One wonders how many FSB officers remain sober to even work the mission...

JD Work

@HostileSpectrum

11 months

Given open source reporting that FSB had multiple days warning of imminent action by PMC Wagner forces, it seems sustained intrusion operations likely provided the highest measure of advantage. Whether this was squandered by decisionmakers will await history's judgement

0

4

17

3

21

45

JD Work

@HostileSpectrum

11 months

Gang warfare is the wrong analogy to what we have seen over the past 24 hours. It is a simple argument seductive in its reductionism. But this elides the complex military dimensions of the organizations supporting both factions wielding a kind of sovereignty we have not grappled…

0

9

45

JD Work

@HostileSpectrum

2 years

The effective global blockade developing against Russia is increasingly at the network & financial levels a thing of private sector power, independent of state policy. Counterparty risk decisions cannot tolerate regime destabilizing order. But makes offramps harder to negotiate

JD Work

@HostileSpectrum

2 years

Estimates of Russian offensive cyber retaliation should no longer be framed as a reaction to the problem of sanctions, but rather as now shifting to a profoundly more existential problem of contesting de facto blockade warfare. Because Kremlin planners likely perceive it this way

0

4

31

1

5

44

JD Work

@HostileSpectrum

1 year

If your live fire exercise is not an over the horizon engagement under denied spectrum where ISR target custody is actively contested by deception & where you face wicked weaponeering problems against multiple targets due to munitions shortages, & have to account for aggressive…

2

12

45

JD Work

@HostileSpectrum

4 years

Someone needs to coin a new term for “false flag” m-type deception supporting lawfare with deliberately scoped blowback intent. The old saw “let’s you & him fight” does not seem to do this justice.

@[email protected]

@qwertyoruiopz

4 years

Update: The DMCA takedown that took the checka1n post down is fake.

28

56

598

2

5

39

JD Work

@HostileSpectrum

1 year

The first season of @GreatDismal 's The Peripheral ends, & suddenly @NCA_UK is announcing raids as crackdown on the klept? Seems like some folks might now be determined to reshape this present stub in light of imagined futures...

2

8

43

JD Work

@HostileSpectrum

2 years

@TheSharp0ne One day, the drones will draw the Parrot... and we will all regret not having put a stop to this sort of thing earlier.

JD Work

@HostileSpectrum

3 years

It seems we are apparently now less than a generation out from an autonomous UAV swarm tracing a Langford fractal over a major urban area. Mass basilisk stare as performance art, via poison pen culture jamming of political / corporate advertising

3

11

59

0

6

43

JD Work

@HostileSpectrum

2 years

For those only now catching up on the Predatory Sparrow campaign, you may find of interest earlier analysis of the actors’ signaling, restraint, & efforts towards responsible offensive ops.

Balancing on the rail – considering responsibility and restraint in the July 2021 Iran railways i...

JD Work [1], [2] An intrusion against a railway network, resulting in destructive effects leading to disruption of cargo and passenger transportation, would in previous decades likely have been con…

offensivecyber.org

0

9

41

JD Work

@HostileSpectrum

2 years

Anticipated nationalization of Russian aviation assets whose current operations have been rendered untenable due to developing economic blockade will likely drive immediate tactical req for intrusion against manufacturer networks, as part of surge needs towards Moscow's own juche

JD Work

@HostileSpectrum

2 years

The effective global blockade developing against Russia is increasingly at the network & financial levels a thing of private sector power, independent of state policy. Counterparty risk decisions cannot tolerate regime destabilizing order. But makes offramps harder to negotiate

1

5

44

4

14

40

JD Work

@HostileSpectrum

1 year

It should not be a surprise that when the cyber threat intel ecosystem has prioritized finding novelty in new binary artifacts above all other reporting prioritization criteria, adversary adapts to the least interesting access modes in living off the land

4

9

43

JD Work

@HostileSpectrum

1 year

Since revision of certain authorities is back in the news, it is a useful moment to consider how the debate over US government policy options & the realities of process came to be. It appears less may now change than critics anticipated, but there are solid apolitical reasons why

Hudson Institute

@HudsonInstitute

2 years

WATCH NOW 🚨 Hudson's @EzraACohen sits down w/ @0xAlexei , JD Work @HostileSpectrum & @JoshuaSteinman to discuss the future of cyber warfare.

3

28

51

2

12

40

JD Work

@HostileSpectrum

5 months

Seeing extreme sports influencer midair videos of wing suit drop on long glide path off the coast of Venezuela & it perhaps makes The Peripheral one of the most accurate @GreatDismal predictions of cover for action for JSOC clandestine insertion one could have ever written

0

4

42

JD Work

@HostileSpectrum

2 years

When the debate over cyberwar in Ukraine has gone so far off the rails that NATO intelligence feels the need to publicly correct the record… an overdue but much needed contribution that one is glad to see.

1

14

41

JD Work

@HostileSpectrum

3 years

So many lovely exploitable legacy boxen in newly deployed UAV trailers... Someone will no doubt be collecting them all...

3

6

40

JD Work

@HostileSpectrum

1 year

The product I most wish cyber intel shops would publish is evaluation of their own collection coverage & analytic production performance. Forcing formal review of known misses creates basis for gap analysis in later FINTEL. But increasingly clear this isn’t even done internally

4

7

41

JD Work

@HostileSpectrum

11 months

@Aviation_Intel High condensation conditions would be precisely the reason why these would not be suitable for zero defect mission critical applications. Form factor is one thing, component specification another.

2

0

38

JD Work

@HostileSpectrum

9 months

@mikko @Windows The malware authors most appreciated feature…

1

3

39

JD Work

@HostileSpectrum

10 months

Lockbit claim of hit on TSMC certainly requires skepticism until extent of impact, if any, is known. But this is a good opportunity for many shops, & mission planners, to evaluate day 1 wartime scenarios.

1

3

41

JD Work

@HostileSpectrum

1 year

Who among us has not been so lucky as to have the host nation police service destroy one’s forgotten stingray as a suspected IED after having been caught after two too many bottles of good vin in Paris? Can only imagine how many fingers are crossed hoping antiforensics works

2

9

39

JD Work

@HostileSpectrum

21 days

A note on analytic distinctions: APT44 / SANDWORM / VOODOO BEAR is not merely a sabotage unit, although this is among their missions. They are also a cyberwarfare unit, in both Russian and US doctrine. Let us not forget what they intend when they come out to fight.

3

6

40

JD Work

@HostileSpectrum

2 years

Russian paranoia about Starlink constellations as a de facto on orbit ASAT / space control architecture were just increased by several thousand basis points.

3

7

38

JD Work

@HostileSpectrum

2 years

Taps sign....

2

9

40

JD Work

@HostileSpectrum

3 years

Simple rule for threat intel. If you write on an activity cluster more than 3 times, or brief to senior leaders even once, it needs a descriptive cryptonym. Not arbitrary numerical designators. Executive level audiences simply will not remember, or even care, about your UNC or TG

3

10

40

JD Work

@HostileSpectrum

6 years

The Olympic drone swarm seems as much a soft power demonstration of dual purpose capability as art. Cyberpunk dystopian technology visualized at the most militarized border.

1

13

38

JD Work

@HostileSpectrum

2 years

If your cyber intel shop is not already working on estimating reactions to .cn chip industry wide “decapitation” as a result of sweeping new export control restrictions, it is already late to need. Almost certain that MSS, PLA, & contractor planners are working on FUOPS surge…

1

15

38