That React2Shell to ransomware chain in under a minute is absolutely wild, and honestly makes me realize how outdated our incident response timelines are. We're still building playbooks around 30-minute detection windows when automated kill chains are executing end-to-end before most SOC teams even get an alert. The point about AI vs AI is spot on; I've been testing automated response workflows in our lab environment and the gap between manual and automated containment is staggering, especially for internet-facing assets.
I was speaking to a former black hat threat actor this morning after the show and he said that this timeline is not only a game changer, it's going to require a strategic shift in how MSSPs deal with this.