Bryson Bort

February 18, 2021

How to Defend Against Ransomware

At the RSA Conference in 2020, I gave a joint talk with Chris Krebs, CISA Director at the time, on the formal collaboration between the agency and the non-profit, ICS Village. One of our biggest concerns for the future was ransomware. And unfortunately, we were right.

Read Now

May 29, 2020

"Measuring Cyber Risk" webinar with Bryson Bort & Paul Rosenzweig.

Good management of cyberspace requires a system of cyber metrics that are transparent, auditable, practical, scalable and the most difficult: widely agreed upon. To that end, we will evaluate various approaches to cyber risk quantification with the aim of informing the development of a public standard for measuring cybersecurity

Read Now

May 8, 2020

Bryson Bort's presentation at DerpCon - Entrepreneurial Adventures: Starting Your Own Company

So you’re not crazy, you just want to start your own company. Which kinda takes a level of crazy to pull it off. We’ll talk through what it takes to be an entrepreneur, different kinds of companies (service, product, non-profit), the market, back-office administration, pricing and economics, and my experiences starting three companies.

Read Now

May 8, 2020

Wild West Hackin' Cast by Bryson Bort & Jorge Orchilles - Adversarial Emulation with the C2 Matrix

Open source tool release and updates: this is information for the community and a call to action! We have created an open-source C2 evaluation framework so that teams can easily determine what’s the best tool for penetration testing/red teaming particular scenarios.

Read Now

April 8, 2020

From Moonshot to Slingshot (C2 Matrix Edition)

Having participated in the Cyber Moonshot last year, I’ve seen where grand vision tries to achieve reality. Being a former operator, I’ve always been more comfortable putting tools in the hands of those that can help.

Read Now

More BLOG POSTS

July 26, 2021

Adaptive Adversary Emulation (Part 1): Execution Details

Back in 2019 at the inaugural SANS Purple Team Summit I gave a talk titled “Adaptive Adversary Emulation with MITRE ATT&CK®”. In the talk I go over how small changes to adversary emulation plans can provide significant results and allow a deliberate approach to generating iterative tests.

Read Now

July 22, 2021

You can’t detect 0-day exploits but… you can detect what happens next

A zero day (or 0-day) is a vulnerability that is not known by the software vendor nor the end users. They are a great way to gain initial access into an organization without being detected. Zero days are rarely used in widespread attacks as they are a high cost to the attacker (identifying a vulnerability that has a high chance of successful exploitation).

Read Now

July 22, 2021

Malicious Uses of Blockchains

SCYTHE’s engineering team shares their most recent article on the malicious uses of Blockchains. Here’s why this is important: Cryptocurrencies are discussed often, but few understand what they are or how they work. The engineering team defines each cryptocurrency type in detail.

Read Now