Dhruv AHUJA
new23d.bsky.social
Making network egress filtering effective, reliable and usable. Founder & Chief Engineer at @chasersystems.bsky.social

Blog: https://www.new23d.com/
[email protected] to focus on building detections for TTPs etc in the red and yellow parts, and developer experience to manage allowlists of the green part.

[1] detect-respond.blogspot.com/2013/03/the-...
October 31, 2025 at 9:49 AM
I use openrouter·ai and agent Roo in vscode for exactly this. Can change the model per prompt in each step of the agent.
October 23, 2025 at 10:16 AM
...you from doing that when using wildcards!

ICO report: ico.org.uk/action-weve-...
Capita plc and Capita Pension Solutions Ltd
ico.org.uk
October 16, 2025 at 7:51 AM
...extracting a baseline and only then enforcing it. Once in enforcement mode, C2 channels become a thing of the past. Heck, we even detect whether what you may be trying to allow is an Effective TLD (like with *·it·com, anybody could register subdomains on it) and stop...
October 16, 2025 at 7:51 AM
...threats. They will always be too late due to the nature of log collection and the human-in-the-loop.

A robust preventive tool is an *outbound* filtering firewall. We've invested great time & effort in making these easy to retrofit and go about monitoring the traffic,...
October 16, 2025 at 7:51 AM
...channel working by then.

This is the difference between detective controls and preventive controls. The latter would've stopped it (had it been able to detect it, of course.) But the UK seems to be overly reliant on advocating use of SOCs to contain these kinds of...
October 16, 2025 at 7:51 AM
...because the team who put that in has moved on!
October 7, 2025 at 12:33 PM
...providers is safer than leaving open to the entire internet. Not saying don't patch systems - but take your time to get there. Attack from a tenant on the same provider is a slim chance. Some users will never get to patching Redis or changing server/client configs ever...
October 7, 2025 at 12:33 PM
...possible because of the well-established x509v3 PKI standard.

[1] www.labourtogether.uk/all-reports/...

[2] institute.global/insights/tec...

[3] www.new23d.com/iam-roles-an...
October 6, 2025 at 12:59 PM
...interoperability and nuances around use of the term "open". Not a bad read [2] regardless of where you may stand on the issue.

Reminded me of a talk I recently presented on interoperability between Let's Encrypt and AWS IAM Roles Anywhere [3,4]. One could argue this was...
October 6, 2025 at 12:59 PM