Pinned Tweet
I hope to write more effectively in 2020. I'd love your
or
feedback.
(Form is anon). Thanks!
https://forms.gle/m2HdKeQE2cMX1Apx8 …
-
Ryan McGeehan Retweeted
It’s hiring day! It’s hiring day! Latacora builds security teams for startups. We work exclusively with startups and long-term; clients stay with us for about a year, during which we work full-time on appsec, corpsec, and secops, after which we help hire our replacements.
-
Ryan McGeehan Retweeted
I just published a ~45 page whitepaper on attacking and defending terraform infrastructure as code in GitHub. Includes attack scenarios, hardening, detections, etc. Deep thanks to @tifkin_ and @harmj0y for their inspiration and research. https://www.sans.org/reading-room/whitepapers/securecode/defending-infrastructure-code-github-enterprise-39380 … 1/3
-
Gonna keep writing about 3. Someone has to. Will try to steer more towards 1 & 2 and keep the quant nonsense out of it. :)
-
Current takeaways: 1. Write more about soft security stuff (Some feedback) 2. Write more about organizational stuff (Nearly all feedback) 3. Forecasting and Risk ("oh god please stop") https://twitter.com/Magoo/status/1216755846694100992 …
-
They were also making calls to retail locations and SE'ing them in order to impersonate them as well. Were you able to discover any authentication methods that customer service would accept from their own retail locations looking to help customers?
-
Great effort @random_walker and reading through it now. One observation I was able to get during incident response of a SIM swap victim was that the adversary made ~70+ calls to customer service agents before they ultimately succeeded w/ a sim swap. https://twitter.com/random_walker/status/1215689116253290501 …
-
This is worth looking through if you're interested in account takeover / cellular fraud. Princeton researchers: - Enumerated how to SIM swap five telco's by way of cust. service. - Reviewed how SMS is used to recover accounts across the internet. https://www.issms2fasecure.com/
-
Ryan McGeehan Retweeted
New by me: Pulse Secure VPN flaw being used to deliver targeted ransomware to large organisations https://doublepulsar.com/big-game-ransomware-being-delivered-to-organisations-via-pulse-secure-vpn-bd01b791aad9 …
-
Long story short, we have not seen any of our listed events that would confirm "The Big Hack". The panel expected any one of these could occur if the claims were confirmed. The 22 person panel forecasted with ~55% certainty that these events wouldn't happen. (Brier: ~0.4017) pic.twitter.com/YHaUwAhqS5
-
That's here, for anyone who wants to start from the beginning: https://medium.com/@magoo/forecasting-bloombergs-the-big-hack-16b41e0b182b …
-
Wrote a quick retrospective for the Bloomberg forecast some of us put together in late 2018. https://medium.com/@magoo/revisiting-the-super-micro-story-2be66c1b882 …
-
Classifying types of Security Work: Applying "types of work" from The Phoenix Project to security engineering https://medium.com/starting-up-security/classifying-types-of-security-work-ebbbd3e6d4ae …
-
A risk based security project: Driving an awareness project with a risk measurement ethos. https://medium.com/@magoo/a-risk-based-security-project-e0de07ee1b09 …
-
Ryan McGeehan Retweeted
From the @AWSSecurityInfo blog: Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/ …
-
Ryan McGeehan Retweeted
This is a truly exciting day, 3 years in the making! We are open sourcing Nebula, the global overlay networking tool we use to connect every computer at @SlackHQ. I hope you enjoy reading about (and using!) Nebula. https://slack.engineering/introducing-nebula-the-open-source-global-overlay-network-from-slack-884110a5579 …
-
Ryan McGeehan Retweeted
DOJ charges two former Twitter employees for allegedly using their insider access to spy for Saudi Arabia. The likely activity reported previously, but charges are new https://www.washingtonpost.com/national-security/former-twitter-employees-charged-with-spying-for-saudi-arabia-by-digging-into-the-accounts-of-kingdom-critics/2019/11/06/2e9593da-00a0-11ea-8bab-0fc209e065a8_story.html … pic.twitter.com/iYf0SiRrFO
-
Wildly diverse and different risk measurement approaches using similar language ("In The Wild" / Time) and producing compatible, competing values is absolutely what our industry needs. I am very, very excited to see this.
-
The group I worked produced shorter term forecasts: "Will BlueKeep be exploited before August?" with a forecast of ~72%. This group's method put a 12 month forecast window around 95.2%. Highly validating to see another group independently take this approach.
-
I'm very excited. I found other folks measuring risks publicly. You can compare their approach to measuring BlueKeep's imminent exploit-ability with my approach. Both output very similar risk measurements. https://twitter.com/JosiahDykstra/status/1191904043112816645 …