Sean O’Connor has predominantly worked in the Intelligence Community (IC), starting his career, like many do, in the US military, where he worked in various intelligence disciplines, ranging from Human Intelligence (HUMINT) to tactical Signals Intelligence (SIGINT), and later serving as a Counterintelligence (CI) contractor for the Department of Defense (DoD).
Sean has always been passionate about all things intelligence and all things cyber. With this combined passion, Sean decided, after his third tour in Afghanistan, to transition to the private sector as a Cyber Threat Intelligence (CTI) researcher for Dell Secureworks in the exclusive Counter Threat Unit (CTU). “The intelligence training and experience I obtained throughout my military career and in the DoD gave me the tools necessary to build the CTU’s first ever virtual HUMINT team.” By applying traditional HUMINT tradecraft through sock puppet accounts, the CTU vHUMINT team was able to infiltrate dark web cybercriminal networks for the purpose of collecting, analyzing and producing intelligence.
After six years in the Secureworks CTU, Sean took on a new opportunity with KPMG US as their head of Threat Intelligence, where he built the CTI program for the US, LATAM, and Israel member firms. Fast forward to today, Sean is the Global Head of the Equinix Threat Analysis Center (ETAC), which is comprised of teams focused on threat intelligence research, threat hunting, consulting services and data analytics.
With an extensive background spanning 15 years in security leadership, Sean O’Connor stands as a distinguished expert. As both an accomplished author and dedicated educator, he imparts his knowledge with passion. Sean’s influential speaking engagements resonate widely, and his perspectives often find a place in media narratives, further solidifying his reputation in the field.
.@TrendMicro kudos to the team that put this together.
180+ page report - Exploring forensic evidence and detection methods for remote monitoring and management (RMM) tooling. Also including common sync tools used in incidents.
https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf
#DFIR #RMM
🚨New Analysis🚨: #LockBit 3.0 Exploit CVE-2023-4966 #CitrixBleed
@MichalKoczwara and I deep dive into the recent #CISA LockBit advisory, looking at IOCs provided by @Boeing to uncover additional #infrastructure.
Hope you find it an interesting read!
Link & Findings👇
Microsoft has uncovered a supply chain attack by North Korean threat actor Diamond Sleet (ZINC) involving the modification of an installer file from software maker CyberLink. The payload calls back to attacker infrastructure for instructions. Learn more:
The #Trigona ransomware group is back online and extorting victims after the Ukrainian Cyber Alliance infiltrated and took down the infrastructure.
New victim portal URL: http://znuzuy4hkjacew5y2q7mo63hufhzzjtsr2bkjetxqjibk4ctfl7jghyd.onion