Your Fly Is Open

Netmenaces and Other Internet Stupidity

Who is Tom Liston?

2021-03-01 2 min read

Tom Liston recently retired as a Senior Technical Engineer for Counter Hack Challenges, where his extensive experience in security, penetration testing, and red teaming help the organization to provide both high-end, best of class penetration tests, and to develop some of the most widely used cyber training ranges in the world. Tom has developed challenges for SANS Netwars, SANS Holiday Hack Challenge, as well as led a Red Team against the U.S. Military Blue Teams in SANS STX training exercise for the DoD.

Tom is the author of the open-source network-protective software, LaBrea, which developed the idea of network “tarpitting” into usable software for trapping scanners and network-based malware. Tom is also an incident handler for the SANS Institute’s Internet Storm Center where he provides expertise in network security, reverse engineering of malicious software, and is a founding member of the ISC’s malware analysis team. Tom has developed several security tools that have been both publicly released through the Internet Storm Center and used privately by network security personnel and virus researchers. Additionally, he is the co-author (with Ed Skoudis) of the second edition of the classic security book, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses.

His past includes several years as a lead trainer for the Cyber Network Defense team at DarkMatter, LLC - a UAE based security consultancy, where he taught high-end penetration testing techniques, a stint as the Principal Information Security Architect for Warner Brothers Entertainment and ten years as a Senior Security Consultant for InGuardians, Inc., breaking into Fortune 500 organizations and assisting them with increasing their security.

While ostensibly retired, Tom continues to provide security consulting through his own company, Bad Wolf Security, LLC.

If, for whatever reason, you feel an overwhelming need to contact him, he can be reached via email by putting one of those funny curly ‘a’ characters between his name, tom.liston, and his company’s domain name,

He can also be found on Twitter as @tliston or on Mastodon as