Empowering IT Professionals

Hi, I'm Jeremy. I have been a security researcher, incident responder, and IT expert for more than twenty years. Something that has bothered me throughout my career is lack of what I call, “Do What Now” material. ATT&CK and other frameworks are great for coordinating detection, but lack mitigation.

That is where Japh On Tech comes in. Not only Intel, news, and analysis, but our enterprise playbooks guide you through product agnostic “Do What Now” mitigation.

Don't hesitate to contact, and I hope the services and workflows we provide will help streamline both Infosec and IT in your organization.

Why are PDFs used for Playbooks?

Currently the hosting provider for Japh On Tech is not regulatory compliant, or has enough transparent controls for us here at Japh to be comfortable hosting Your data. At this point in time it would be irresponsible to have HIPAA, PCI, etc. data on the current hosting provider. So, to mitigate this, we provide PDFs that may be filled out and stored on your systems with your controls.

Japh On Tech does not want your data, and at this point we do not believe you should give it to us.

Advertisements, Product Mentions

Ah, the age old question of What to Do About Products and Companies. At JoT, it is both simple and complicated. The founder of JoT, me (Jeremy), has been in the industry for decades. I have worked for, with, and adjacent to more businesses I can shake a stick at. And I have a few core beliefs that I will try and outline.

  1. If money or resources of value change hands which causes a product, company, or service to pop up in our content, it will be labeled. While we are currently (Aug. 2024), at some point we may consider non-intrusive, high quality advertisements from companies that We Trust and are vetted. For example, love them or hate them, companies like Microsoft, Juniper, Broadcom, Palo Alto Networks, Crowdstrike, Intel, and many others are welcome to drop us a line. Crypto? The technology is fascinating, and I doubt we would ever accept any advertising at all from the industry. Call back in twenty years.

  2. We will reference companies that we have opinions on. This is the first and only disclosure, We Have Opinions. Opinions may change, and not everyone agrees. Civil constructive discourse is wildly encouraged. So, if I mention Widget XYZ and I think It’s Pretty Cool, that is the end of it. At that point in time, I/We thought it was pretty cool.

  3. If there are material objections, please contact us. Integrity, honesty, and transparency are our most fundamental currency. If there are errors, whether out of short sightedness or unfortunate events, they will be handled responsibly and professionally. You might even make it onto our list below, and we are working on some schwag (or modest value, t-shirts, that sort of thing) for your time.

  4. Finally, we don’t sell, rent, or exfil your data. Not a drop. Since we use third party services, and Google is the all seeing eye, how you personally protect against those class of cookies is up to you. At JoT, your addresses, emails, names, or anything that you contribute, will not be shared by JoT. Always stay vigilant and as the YouTube creator and attorney Bruce Rivers says, “Don’t self snitch”, but JoT is on your side.

If there are questions, comments concerns, please let us know!

Shout-outs and Thanks!

The open source community and intel work at large has been integral to my success through the decades. I would like to give thanks to a number of people, publications, products, services, and the like. Please drop me a line if I have missed anyone, it isn’t because of anything besides sometimes being forgetful.

  • APT Groups and Operations This spreadsheet and contributors are invaluable. Please say thank you to them and support projects they work on.

    • Pasquale Stirparo @pstirparo

    • David Bizeul @davidbizeul

    • Brian Bell

    • AccountZiv Chang @Gasgas4

    • GgyyJoel Esler @joelesler’

    • Kristopher Bleich @kc0iqx_bleich

    • Maite Moreno @mmorenogMonnappa

    • K A @monnappa22

    • J. Capmany @theweeZ

    • Paul Hutchinson @AllAboutAPT

    • Boris Ivanov @BlackCaesar1973

    • Andre Gironda @andregironda

    • Devon Ackerman @aboutdfir

    • Carlos Fragoso @cfragoso

    • Eyal Sela @eyalsela

    • Florian Egloff @egflo

    • Ohad Zaidenberg @ohad_mz

    • Gary Warner @GarWarner

    • Efi Pecani @Excited_Efi

  • Shodan Not open source, but incredibly useful

  • Brian Krebs One of the OGs

  • ArsT echnica/Dan Goodin Excellent, quick, concise, and accurate reporting

  • My friends, countrymen, Romans at LinkedIn

  • Tony from China Update (YouTube) Excellent updates on what is happening across the pond

  • Konstantin Samoilov (YouTube) Mostly economics regarding Russia, however it is important for InfoSec professionals to keep on the pulse of geopolitical and economic news

  • Any many, many, many friends, coworkers, mentors throughout the decades (I will list you if asked, but by default you are anonymous)