Home page logo

dailydave logo Dailydave mailing list archives

Re: Late Friday thoughts on the Kevin Mandia RSAC keynote.
From: Richard Bejtlich <taosecurity () gmail com>
Date: Mon, 24 Mar 2014 18:15:08 -0400

...and this is why I don't usually respond here.

It's time for me to leave the list.

Good luck,


On Mon, Mar 24, 2014 at 5:28 PM, security curmudgeon
<jericho () attrition org> wrote:

On Mon, 24 Mar 2014, Richard Bejtlich wrote:

: I'm glad you thought it worthwhile to analyze whatever you analyzed, but
: after our report was public, the heads of the House and Senate Intel
: Committees, NSA, and others I won't name, said Mandiant got the
: attribution correct.

Because the government, also using closed sources and voodoo, is always
100% accurate? Please.

J. Oquendo shows his methodology using your data, which doesn't match
your conclusions. How about you answer his sincere question with a real
answer, not who you rub dicks with?

: > With all due respect to your researchers, colleagues, etc,
: > I took your APT1 data, ran it through all sorts of analysis'
: > all sorts of recon and I could not for the life of my come
: > to the same conclusions that you guys did.
: >
: > All your data run through Sentinel Analysis
: > http://www.infiltrated.net/aptredux/
: >
: > There is no voodoo, dirty tricks there, its all recorded
: > for all to see. Here is a mind map of all of Mandiant's
: > data:
: >
: > http://infiltrated.net/straggler-f211596a8ac0cac13983ad2b98a71108/straggler-mapped.html
: >
: > 70% plus, were mapped to one industry, not CN government.
: > Did you guys (Mandiant) omit some secret sauce, because I
: > still have a difficult time piecing together how - outside
: > of an IP address, and one name (UglyGorilla) - you guys
: > can even attribute this to CN gov.
Dailydave mailing list
Dailydave () lists immunityinc com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]