Treadstone 71 Selected to Deliver at the RSA Conference 2018 San Francisco

Foundations for a Strong Intelligence Program
April 18, 9AM-11AM RSA Conference
This Lab will explore key aspects of building a strong and long-lasting cyberthreat intelligence program. We’ll review methods of threat intelligence platform selection and bake-off techniques as well as cover stakeholder analysis and priority intelligence requirements. Additionally, we’ll practice collection planning and mission management as well as how to establish effective reporting and dissemination capabilities.

Cyber CounterIntelligence – Deception, Distortion, Dishonesty
April 18, 1:45PM-2:30PM RSA Conference
Deception, distortion, dishonesty are core to social media postings. Our adversaries use these methods concocting stories that create illusions that are meant to leave us divided. The talk will cover methods of countering their messaging while applying these tactics to protect your own organization and brand. Moving from intelligence to counterintelligence is the natural next step in our evolution.

Featured post

Twitter Brute Force – Iranian hack

Iranian password cracking for twitter – within the last 72 hours


#!/usr/bin/env python


# Password cracking twitter V 1.0 #

# #

# : # # #


import os

import time

import twitter

import json

import random

from datetime import datetime

from hashlookup.LookupTable import LookupTable





POLL = 60

WORDLIST = ‘./crackstation-dist/crackstation.txt’

W = “\033[0m” # default/white

R = “\033[31m” # red

P = “\033[35m” # purple

C = “\033[36m” # cyan

bold = “\033[1m”

INFO = bold + C + “[*] ” + W

WARN = bold + R + “[!] ” + W

MONEY = bold + P + “[$] ” + W

TIME = lambda: str(‘ ‘)[1].split(‘.’)[0]

print INFO+”%s: Logging into Twitter API …” % TIME()

api = twitter.Api(consumer_key=CONSUMER_KEY, consumer_secret=CONSUMER_SECRET, access_token_key=ACCESS_TOKEN_KEY, access_token_secret=ACCESS_TOKEN_SECRET)

indexes = {

‘md5’: ‘./crackstation-dist/crackstation-md5.idx’,


if os.path.exists(‘processed.pkl’):

with open(‘processed.pkl’, ‘r’) as fp:

processed = json.loads(

print INFO+”%s: Loaded %d processed IDs” % (TIME(), len(processed))


processed = []

def crack_hashes(algorithm, hashes):

results = []

if 0 < len(hashes):

lookup_table = LookupTable(





results = lookup_table[hashes]

return results

def process_request(mention):

hashes = filter(lambda word: len(word) == 32, mention.text.split(‘ ‘))

if len(hashes):

print INFO+”%s: Canidate hashes: %s” % (TIME(), hashes)

results = crack_hashes(‘md5’, hashes[0]) # Limit one hash atm

if results[hashes[0]] is not None:

message = “@%s I cracked your hash, the password is ‘%s'” % (

mention.user.screen_name, results[hashes[0]]



message = “Sorry @%s but I couldn’t crack that hash :(” % mention.user.screen_name


print WARN+”%s: No hashes found in request.” % TIME()

message = None

if message:

print INFO + “%s: Posting update \”%s\”” % (TIME(), message)

message += ” (%d)” % random.randint(0, 9999)


def poll_twitter():

mentions = filter(lambda m: not in processed, api.GetMentions())

print INFO + “%s: %d new mention(s) to process” % (TIME(), len(mentions))

for mention in mentions:



def run_forever():

while True:


print INFO + “%s: Polling twitter API …” % TIME()



except twitter.TwitterError as error:

print WARN+”%s: Error from API %s, sleeping for 5mins” % (TIME(), str(error))

if __name__ == ‘__main__’:



except KeyboardInterrupt:

with open(‘processed.pkl’, ‘wb’) as fp:

fp.write(“%s” % json.dumps(processed))

print INFO+”%s: Saved processed to processed.pkl” % TIME()



Featured post

Zapad Exercises – 2nd/3rd Order Effects


The recent Russian Zapad wargaming exercises included a plethora of electronic capabilities demonstration and potentially more. Russia is known to recently been involved in illegal immigration efforts in Sweden, Finland, and Norway along with hostile intent along its northern borders (Estonia, Latvia, Lithuania) including cell/communication tower tampering. Could the recent Zapad exercises be more than just wargaming?

Some What If thoughts on these non-linear actions:

– Testing capabilities, distance, strength, impacts
– Testing responses like a stone in pond
    – 2nd and 3rd order effects were measured to determine the impact on targets, targets responses, etc.
    – Russians had people in each target country assisting with target impacts
    – Russians monitored target government communications from within each country
    – Determine length of time for target government to respond and what methods were used and where to get communications back online (if at all) – the locations of the response represent capabilities unknown to Russia until such an exercise is performed
– Other possibles:
     – A cover for illegal activities that occurred during the exercise – a feint, a ruse
 – Testing a precursor to actual execution – that is why military exercises are performed
 – What capabilities are being left in the exercise areas; what is not being removed after the exercise using the exercise as a ruse to place assets close to Western borders that were not there before
 What do you think?

Featured post

Dru’a al-Waaqiah lil-Bedoon – Syrian Sanctions Busting with Russian Help

Past report on Syrian Government collusion with Russia to bypass sanctions against Syria. This instance involves acquiring materials and machines to manufacture their own body armor in Latakia by way of the UAE where a Syrian soldier working with a female FSB agent centralize the acquisitions.

Visas, passports, military IDs, fake names, bills of lading and more for your reading and review.

The Treadstone 71 Report (pdf) – Treadstone 71 – drua-alwaaqiah-lilboodoon

Treadstone 71 acquired supporting files and documents (30MB zip) – drua-rawfiles-treadstone71

Featured post

Treadstone 71 Announces Cyber Intelligence Capability Maturity Model

Treadstone 71 developed a maturity model to help organizations determine the maturity of their cyber intelligence initiatives against the cyber intelligence common body of knowledge (CICBOK). The model provides strategic and operational aspects of your cyber intelligence maturity, where it needs to go, and where you should concentrate your attention to create more value for your business. Nearly 8 years in the making, the Treadstone 71 Cyber Intelligence Maturity Model uses traditional tradecraft as delivered by Sherman Kent and Richards Heuer, intelligence community standards, analytic standards, and experiential knowledge derived from years of training, assessing, and building cyber intelligence programs.

The Treadstone 71 Cyber Intelligence Capability Maturity Model (T71-CICMM) is a methodology used to develop and refine an organization’s cyber intelligence program. Not only is the model educational and practical skills for learning and developing expertise, but also a roadmap for building a cyber intelligence program. More information is available here:

Treadstone 71 Cyber Intelligence Maturity Model


Featured post

Status – Iranian Hacking Tools

Iranian Hacking Tools

One time, 24-hour access to download the as-is Iranian Hacking tools. Approximately 1.3GB of use-at-your-own-risk tools, videos, instructions, and other information.


Many have requested access to the gigabytes of Iranian hacking tools Treadstone 71 has available. You may now access these tools via a payment to Treadstone 71.

Best Regards,

Treadstone 71

Featured post

It has not changed – Russian Maskirovka – Denial and Deception

I keep a vigil in a wilderness of mirrors
Where nothing here is ever what it seems

Yuri Nosenko


“Instead of being relieved to hear that the Soviets had not been involved in the assassination, James Jesus Angleton, the C.I.A.’s legendarily suspicious counterintelligence chief, and others in the spy trade thought Mr. Nosenko’s apparent defection was a trick.” including Cyber Counterintelligence Tradecraft 

“After all, the agency had suffered a series of setbacks, including the unmasking and execution of two Russian intelligence officials who had been spying for the C.I.A. inside the Soviet Union.”

Not much has changed with respect to Russian counterintelligence activities but for the medium of use. The Internet affords great opportunities for denial and deception, counterdenial and counterdeception, ruses, feints, doubleplays, and other methods of manipulation and influence management. Want to learn more? Try Treadstone 71’s Cyber Counterintelligence Tradecraft Certification –


Featured post

Intelligence for the C-Suite and Stakeholders

This is a one-day course designed to educate corporate leadership and stakeholders in cyber and threat intelligence.  There is a general awareness of the need to establish intelligence functions. Many organizations do not have a fundamental understanding of what intelligence is, where the function should reside, how it is different from business and competitive intelligence while understanding the overlaps and natural points of integration. This one day course targets corporate leadership delivering a clear and coherent training that equips stakeholders with the understanding and tools they need to assist in building a successful intelligence program.

Registration Information – Dates and Times TBD

Course High-Level Outline

  • Using Strategic Intelligence
  • Organization and Focus of the Class
  • Background on Strategic Intelligence and Analysis
  • Approaches and Processes
  • Strategic Plan development, acceptance, and dissemination
    • Mission
    • Vision
    • Guiding Principles
    • Roles and Responsibilities
    • Threat Intelligence Perspective
    • Business Intelligence Perspective
    • Competitive Intelligence Perspective
    • Intelligence Strategic Challenges
    • Goals and Initiatives
    • Next Steps
    • Roadmap
  • Stakeholder checklist and stakeholder management groups with strategic and tactical activities definition for intelligence, description of needs and products. This will include:
  • The Future Use of Strategic Intelligence
  • Intelligence: Role, Definitions, and Concepts
  • Basic Concepts Concerning Intelligence
  • The Strategic Intelligence Process – Operations to Tactics
  • The Role of Strategic Intelligence and Its Impact on Stakeholders
    • Operational, Technical, Tactical
  • Why Stakeholders and Executives Need Strategic Analysis:
  • Strategic Analysis Leading to Strategic Decisions
  • Implementing Intelligence Programs
    • The Treadstone 71 Method (Experience with several program builds globally)
  • Challenges for Stakeholders to Accept Intelligence
  • Stakeholder Views: Impact on Intelligence
  • Intelligence as Catalyst for Stakeholders
  • Integrating Analytical Support and the Stakeholder Thought Process
  • Stakeholders and Self-Directed Strategic Processes, Procedures, Methods
  • The Role of Intelligence Management
  • Issues, Tactics, Techniques, Methods, and Principles
  • Managing Intelligence Projects
  • Providing Focused Leadership
    • Leading the Team
    • Understanding Issues and the Process
    • Analysis Overview
    • Collection Management
    • Production Management
      • Evaluation
      • Analysis
      • Integration
      • Interpretation
    • Types of Analysis
      • 14 Types of Analysis
    • Analytic Writing
      • ICD 203, 206, 208
      • Organization, Evidence, Argument, Sources, Pitfalls
      • Use the Title
      • Who/What, Why Now, So What, Impact so far, Outlook, Implications
      • BLUF and AIMS
      • Supervisory Actions
      • Summary Paragraphs
      • Alternative Analysis
      • Clarity and Brevity
      • Peer review
      • Reports and Reporting
        • Feedback
    • Pre-Mortem
    • Post-Mortem
    • Know your professor, get an A – Communicating Up
      • Relevance, Timeliness, Completeness, Accuracy, Usability
    • Briefing Rules
  • Intelligence Analysts and Self-Management
    • High-Level Tasks
  • Analyst Activities
    • Rules for developing analysts – Alignment and as collectors
    • The Role, Responsibilities, and Functions of the Analyst
    • The Analyst’s Roles and Responsibilities – RACI(s)
    • What the Analyst will face
    • Job Descriptions
  • Conclusion
    • The Executive / Stakeholder’s Roadmap
Corporate stakeholders risk investing large amounts of time and money with little positive effect their security, corporate strategies, and business direction. The C-Suite and Stakeholders participating in this course ensures their understanding of the discipline required to build a successful program. The course helps align information security, incident response, security operations, threat and cyber intelligence with the business.
Featured post

Blog at

Up ↑

%d bloggers like this: