Treadstone 71 Selected to Deliver at the RSA Conference 2018 San Francisco

Foundations for a Strong Intelligence Program
April 18, 9AM-11AM RSA Conference
This Lab will explore key aspects of building a strong and long-lasting cyberthreat intelligence program. We’ll review methods of threat intelligence platform selection and bake-off techniques as well as cover stakeholder analysis and priority intelligence requirements. Additionally, we’ll practice collection planning and mission management as well as how to establish effective reporting and dissemination capabilities.

Cyber CounterIntelligence – Deception, Distortion, Dishonesty
April 18, 1:45PM-2:30PM RSA Conference
Deception, distortion, dishonesty are core to social media postings. Our adversaries use these methods concocting stories that create illusions that are meant to leave us divided. The talk will cover methods of countering their messaging while applying these tactics to protect your own organization and brand. Moving from intelligence to counterintelligence is the natural next step in our evolution.

Featured post

Plague of the Cyber RATS

How a toxic computer code delivered by ‘Remote Access Trojans’ is an invisible army able to take over a petrochemical plant and blow it to pieces

Ironically, said Bardin, it was Stuxnet that led Iran to enhance its offensive capability: ‘If Stuxnet had happened to the US or UK, it would have been seen as an act of war. In Iran, it made them invest heavily in offensive cyber operations.’

He revealed that 18 per cent of Iranian university students are studying computer science – a cyber warfare talent pool.

No guns. No bombs. No conventional weapons of any kind. An invisible army able take over a petrochemical plant like this and blow it to pieces. That’s the power of a toxic computer code delivered by RATs – ‘Remote Access Trojans’ – that’s making UK security experts VERY nervous indeed

‘Fixing this takes political will, and business is always pushing back, because good cyber security adds costs,’ said Bardin. ‘Ultimately, something is going to blow up.’

Featured post

Behzad Mesri – #HBO Hack – Silent Terror

البته سوال اصلی من از همون اول که این دیفیسر رو میشناختم
این بود که چرا اسمش یه o کم داره
skote vahshat – 

BehzadMasri – skote_vahshat Get the scoop here (PDF)

بهزاد مصری

فکر کنم اول اشتباه نوشته و همون معروف شده و توی رو در بایستی مونده

Wired Article
حالا امیدوارم که زندگیش خراب نشه، ولی کاش مقامات به این سوال هم پاسخ میدادن


این لاگ ها و پیست ها و دیتابیس هایی که توی فروم های زیرزمینی تبادل میشن رو احتمالن دیدید
هیچ امنیت و پرایوسی ای باقی نمونده و قطعن یکی از مشتریان اینها، یا حتا عامل لیک شدنشون خود سازمان های دولتی و امنیتی هستند
چندان عجیب نیست که یک نفر به این شکل مشخصاتش لو میره…
یعنی واقعن هم خیلی کار سختی نیست، با یه سیستم شخصی هم میشه مشابهش رو انجام داد، دیگه دولت که خیلی دستش بازتره


اونی که مرتکب یک جرم سایبری بزرگ میشه و لو نمیره یا لو میره ولی پیدا نمیشه خیلی کارش درسته…
واقعن کار سختیه… یعنی دائم باید از دید اونی که می خواد پیداش بکنه به موضوع نگاه بکنه و این از کاری که مرتکبش میشه هم مهم تر و شاید سخت تره

سکات وشات


ا📌 طلاعات تکمیلی در مورد بهزاد مصری و هک HBO

🔹 کشف حمله سایبری زمانی که Time Warner کمپانی پدر HBO در حال خریده شدن توسط AT&T به مبلغ ۸۵ میلیارد دلار بوده است، اتفاق افتاد. این کشف سهام اچ بی او را کاهش داد.

‼️ مصری ظاهرا نمایشنامه قسمت های ساخته نشده سریال های اچ بی او را نیز سرقت کرده است.

🔹 از سوابق مصرف هک کردن زیرساخت‌های انرژی اتمی اسرائیل می باشد.

🔹۷ اتهام مصری شامل «جرایم رایانه‌ای»، «جرایم مالی»، «اخاذی»، «سرقت هویت» و دیگر جرایم است. باور مقامات آمریکایی این است که وی در حال حاضر در ایران سکونت دارد.

🔹 متن ایمیلی که مصری به هک شدگان فرستاده شامل عبارت زیر بوده است:

“Hi to All losers! Yes it’s true! HBO is hacked!”


🔹 مصری با نام مستعار Skote Vahshat حداقل ده اکسپلویت از نوع SQL Injection ثبت کرده، و ده ها سایت را دیفیس کرده است.

🔹 بر اساس ادعای مصری، وی بیش از ۱.۵ ترابایت داده به سرقت برده است.

🔴 گروه هکری OurMine کنترل حساب توییتر HBO را در شهریور ماه گرفتند. به نظر میرسد رمز این حساب توسط مصری به آنها منتقل شده است.

🔴 یکی از دلایل متهم شدن سریع مصری، تلاش وی برای تماس با خبرنگاران و رسانه های متعدد جهت تحت فشار گذاشتن اچ بی او برای پرداخت مبلغ اخاذی بوده است.

🔹 اولین اقدام مصری یافتن دسترسی از راه دور کارکنان به شبکه اچ بی او بوده که بتواند از همان طریق دسترسی خود به زیرساخت را حفظ نماید.

Featured post

Zapad Exercises – 2nd/3rd Order Effects


The recent Russian Zapad wargaming exercises included a plethora of electronic capabilities demonstration and potentially more. Russia is known to recently been involved in illegal immigration efforts in Sweden, Finland, and Norway along with hostile intent along its northern borders (Estonia, Latvia, Lithuania) including cell/communication tower tampering. Could the recent Zapad exercises be more than just wargaming?

Some What If thoughts on these non-linear actions:

– Testing capabilities, distance, strength, impacts
– Testing responses like a stone in pond
    – 2nd and 3rd order effects were measured to determine the impact on targets, targets responses, etc.
    – Russians had people in each target country assisting with target impacts
    – Russians monitored target government communications from within each country
    – Determine length of time for target government to respond and what methods were used and where to get communications back online (if at all) – the locations of the response represent capabilities unknown to Russia until such an exercise is performed
– Other possibles:
     – A cover for illegal activities that occurred during the exercise – a feint, a ruse
 – Testing a precursor to actual execution – that is why military exercises are performed
 – What capabilities are being left in the exercise areas; what is not being removed after the exercise using the exercise as a ruse to place assets close to Western borders that were not there before
 What do you think?

Featured post

Treadstone 71 Announces Cyber Intelligence Capability Maturity Model

Treadstone 71 developed a maturity model to help organizations determine the maturity of their cyber intelligence initiatives against the cyber intelligence common body of knowledge (CICBOK). The model provides strategic and operational aspects of your cyber intelligence maturity, where it needs to go, and where you should concentrate your attention to create more value for your business. Nearly 8 years in the making, the Treadstone 71 Cyber Intelligence Maturity Model uses traditional tradecraft as delivered by Sherman Kent and Richards Heuer, intelligence community standards, analytic standards, and experiential knowledge derived from years of training, assessing, and building cyber intelligence programs.

The Treadstone 71 Cyber Intelligence Capability Maturity Model (T71-CICMM) is a methodology used to develop and refine an organization’s cyber intelligence program. Not only is the model educational and practical skills for learning and developing expertise, but also a roadmap for building a cyber intelligence program. More information is available here:

Treadstone 71 Cyber Intelligence Maturity Model


Featured post

Status – Iranian Hacking Tools

Iranian Hacking Tools

One time, 24-hour access to download the as-is Iranian Hacking tools. Approximately 1.3GB of use-at-your-own-risk tools, videos, instructions, and other information.


Many have requested access to the gigabytes of Iranian hacking tools Treadstone 71 has available. You may now access these tools via a payment to Treadstone 71.

Best Regards,

Treadstone 71

Featured post

It has not changed – Russian Maskirovka – Denial and Deception

I keep a vigil in a wilderness of mirrors
Where nothing here is ever what it seems

Yuri Nosenko


“Instead of being relieved to hear that the Soviets had not been involved in the assassination, James Jesus Angleton, the C.I.A.’s legendarily suspicious counterintelligence chief, and others in the spy trade thought Mr. Nosenko’s apparent defection was a trick.” including Cyber Counterintelligence Tradecraft 

“After all, the agency had suffered a series of setbacks, including the unmasking and execution of two Russian intelligence officials who had been spying for the C.I.A. inside the Soviet Union.”

Not much has changed with respect to Russian counterintelligence activities but for the medium of use. The Internet affords great opportunities for denial and deception, counterdenial and counterdeception, ruses, feints, doubleplays, and other methods of manipulation and influence management. Want to learn more? Try Treadstone 71’s Cyber Counterintelligence Tradecraft Certification –


Featured post

Intelligence for the C-Suite and Stakeholders

This is a one-day course designed to educate corporate leadership and stakeholders in cyber and threat intelligence.  There is a general awareness of the need to establish intelligence functions. Many organizations do not have a fundamental understanding of what intelligence is, where the function should reside, how it is different from business and competitive intelligence while understanding the overlaps and natural points of integration. This one day course targets corporate leadership delivering a clear and coherent training that equips stakeholders with the understanding and tools they need to assist in building a successful intelligence program.

Registration Information – Dates and Times TBD

Course High-Level Outline

  • Using Strategic Intelligence
  • Organization and Focus of the Class
  • Background on Strategic Intelligence and Analysis
  • Approaches and Processes
  • Strategic Plan development, acceptance, and dissemination
    • Mission
    • Vision
    • Guiding Principles
    • Roles and Responsibilities
    • Threat Intelligence Perspective
    • Business Intelligence Perspective
    • Competitive Intelligence Perspective
    • Intelligence Strategic Challenges
    • Goals and Initiatives
    • Next Steps
    • Roadmap
  • Stakeholder checklist and stakeholder management groups with strategic and tactical activities definition for intelligence, description of needs and products. This will include:
  • The Future Use of Strategic Intelligence
  • Intelligence: Role, Definitions, and Concepts
  • Basic Concepts Concerning Intelligence
  • The Strategic Intelligence Process – Operations to Tactics
  • The Role of Strategic Intelligence and Its Impact on Stakeholders
    • Operational, Technical, Tactical
  • Why Stakeholders and Executives Need Strategic Analysis:
  • Strategic Analysis Leading to Strategic Decisions
  • Implementing Intelligence Programs
    • The Treadstone 71 Method (Experience with several program builds globally)
  • Challenges for Stakeholders to Accept Intelligence
  • Stakeholder Views: Impact on Intelligence
  • Intelligence as Catalyst for Stakeholders
  • Integrating Analytical Support and the Stakeholder Thought Process
  • Stakeholders and Self-Directed Strategic Processes, Procedures, Methods
  • The Role of Intelligence Management
  • Issues, Tactics, Techniques, Methods, and Principles
  • Managing Intelligence Projects
  • Providing Focused Leadership
    • Leading the Team
    • Understanding Issues and the Process
    • Analysis Overview
    • Collection Management
    • Production Management
      • Evaluation
      • Analysis
      • Integration
      • Interpretation
    • Types of Analysis
      • 14 Types of Analysis
    • Analytic Writing
      • ICD 203, 206, 208
      • Organization, Evidence, Argument, Sources, Pitfalls
      • Use the Title
      • Who/What, Why Now, So What, Impact so far, Outlook, Implications
      • BLUF and AIMS
      • Supervisory Actions
      • Summary Paragraphs
      • Alternative Analysis
      • Clarity and Brevity
      • Peer review
      • Reports and Reporting
        • Feedback
    • Pre-Mortem
    • Post-Mortem
    • Know your professor, get an A – Communicating Up
      • Relevance, Timeliness, Completeness, Accuracy, Usability
    • Briefing Rules
  • Intelligence Analysts and Self-Management
    • High-Level Tasks
  • Analyst Activities
    • Rules for developing analysts – Alignment and as collectors
    • The Role, Responsibilities, and Functions of the Analyst
    • The Analyst’s Roles and Responsibilities – RACI(s)
    • What the Analyst will face
    • Job Descriptions
  • Conclusion
    • The Executive / Stakeholder’s Roadmap
Corporate stakeholders risk investing large amounts of time and money with little positive effect their security, corporate strategies, and business direction. The C-Suite and Stakeholders participating in this course ensures their understanding of the discipline required to build a successful program. The course helps align information security, incident response, security operations, threat and cyber intelligence with the business.
Featured post

Blog at

Up ↑

%d bloggers like this: