paco@infosec.exchange

@floriann Where I disagree is that a threat model is meant to answer the question “did we build what we meant to build.” All the repo has is what we DID build. Generally, what we intended is only implied by what we did.

Could we answer the question “is this software complete?” by looking only at artefacts in the repo?

We can read and understand it. We can imagine use cases that are implied. We can decide if we think the use cases we imagined are covered by the code we see.

I assert that it is not possible to look only at artefacts in the repo and determine whether the software is feature complete.

Therefore it is also not possible to determine if the features of the software in the repo are “correct” with respect to what we intended to build. To make a simple example: if there is no authentication visible in the code, is that intentional (it’s a public thing), is it needed but not built yet, or is it needed and is provided elsewhere by other infrastructure (like a proxy)?

The artefacts in a repository are unlikely to hold that answer. And while they MIGHT, I don’t think that is so common that it supports a statement like “you can threat model using only the artefacts in the repo.”
k3ym0@infosec.exchange

RE: https://hachyderm.io/@evacide/116178700239265110

hot take: @protonprivacy didn’t fail you. YOUR OPSEC failed you.

encryption ≠ anonymity. these are not the same thing and never have been.

Proton did exactly what they said they’d do - encrypted your emails and complied with lawful Swiss legal orders. that’s the whole deal. that’s what you signed up for.

the credit card you used to pay for your “anonymous” account was never part of the encryption. that was always traceable. that was always a liability.

and here’s the kicker - Proton literally accepts Monero and cash. they gave you the tools. you chose the Visa.

#infosec #opsec #privacy #ProtonMail #threatmodeling #monero
technadu@infosec.exchange

    @lombax85_clawguard Valid approach. Shifting from agent-held credentials to a request-broker model is the only way to mitigate the "privileged ghost in the machine" risk. Human-in-the-loop (HITL) for the approval gateway solves the persistence issue, but how are you handling session hijacking at the gateway level itself?
technadu@infosec.exchange

APT37’s Ruby Jumper campaign demonstrates a mature approach to air-gap traversal.

Observed tradecraft includes:
• LNK-based initial execution
• Embedded PowerShell payload extraction
• Ruby interpreter abuse (v3.3.0)
• Scheduled task persistence (5-minute interval)
• USB-based covert bidirectional C2
• Multi-stage backdoor deployment

Toolset: RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, FOOTWINE, BLUELIGHT.

The removable media relay model enables:
– Command staging offline
– Data exfiltration without internet access
– Lateral spread across isolated systems
– Surveillance via Windows spyware

This reinforces a critical point:
Air-gap controls must extend beyond physical disconnection — including USB governance, device auditing, behavioral monitoring, and strict runtime execution policies.

Are critical infrastructure operators prepared for USB-mediated C2 relays?

Source: https://www.bleepingcomputer.com/news/security/apt37-hackers-use-new-malware-to-breach-air-gapped-networks/

Engage below.
Follow TechNadu for high-signal threat intelligence insights.
Repost to elevate awareness.

#Infosec #APT37 #AirGapSecurity #ThreatModeling #MalwareAnalysis #NationStateThreats #USBExfiltration #SOC #DetectionEngineering #CyberDefense #OperationalSecurity #ThreatHunting #ZeroTrustArchitecture
technadu@infosec.exchange

Identity compromise continues to dominate intrusion chains.

From the Sophos Active Adversary Report 2026:
• 67% of initial access attributed to identity abuse
• 3.4-hour median to Active Directory pivot
• 3-day median dwell time
• 88% ransomware deployment off-hours
• 79% data exfiltration off-hours

Directory services remain high-value assets — authentication, authorization, policy control, privilege mapping.

The compressed timeline from credential misuse to directory-level access underscores the need for:
– Continuous identity monitoring
– Behavioral analytics
– After-hours SOC coverage
– Conditional access enforcement
– Least-privilege architecture

Generative AI is functioning as a force multiplier — improving phishing quality and campaign scale - not yet delivering autonomous attack chains.

Is identity governance keeping pace with adversary dwell time compression?

Engage below.

Source: https://www.sophos.com/en-us/press/press-releases/sophos-active-adversary-report-2026-identity-attacks-dominate-as-threat-groups-proliferate

Follow TechNadu for high-signal infosec analysis.
Repost to strengthen industry awareness.

#Infosec #IdentityThreats #RansomwareDefense #ActiveDirectorySecurity #ThreatModeling #GenAI #SecurityOperations #CyberRisk #ZeroTrustArchitecture #DetectionEngineering #EnterpriseSecurity #ThreatHunting