🚨NEW: The Solution to Cyber Mercenaries Is Not Export Control 🚨
My first ever op-ed in is out! Wanna know more about NSO, the cyber mercenary landscape, what export control even is, and why it’s not enough? Read on 🧵/
Winnona 
@__winn
Harvard & Georgetown MPP/JD candidate. / fellow, goon, ex-Google threat research. Dog mom. Opinions=my own 
Joined June 2014
Winnona 💾’s Tweets
The boom, the bust and the adjust
The offensive cybersecurity industry — trends and updates
I'm super excited to publish this article which embeds my experience in the offensive cybersecurity industry over the years.
I hope you will enjoy it.
11
54
183
Registration for our highly anticipated Cape Town #Cyber912 is live! We're partnering with to hold an immersive cyber simulation for university students.
Register your interdisciplinary dream team here before slots fill up: form.jotform.com/231294472510148
GIF
read image description
ALT
8
12
The Hacker Initiative has announced its new round of grant funding for efforts to advance infosec through small community focused computer science & STEM education efforts. Application period closes 15 Aug 2023. See hackerinitiative.org/apply-now/ for details
7
9
62
537
2,667
NEW: I found 1000s of shady PDFs hosted on .gov websites of states, universities, defense contractors, etc.
It was a clever SEO spam operation, but the access could have been exploited for more nefarious things.
has the writeup.👇👇
techcrunch.com/2023/06/02/sca
4
107
269
Show this thread
This NYT headline is a really good example of how translation can go wrong. It's true that 吃苦 literally means "eat bitter".
But it English it sounds alien and brutal. In Chinese, it's a standard expression. That doesn't mean it's okay, but it lands very differently.
read image description
ALT
51
90
466
Show this thread
2
7
27
Show this thread
Just in time to wreck your productivity for the short week, here’s some delicious postgame info about the DEF CON 31 CTF Quals that happened over the weekend. Please enjoy the official data dump from our good friends .
quals.2023.nautilus.institute
Additionally, please… Show more
read image description
ALT
2
20
71
This edition of the 5×5 features insights from , , , , and Christopher Porter on the relationship between the cyber threat intelligence and cyber policy communities.
1
5
Show this thread
PRC cyber threats to critical infrastructure are real and use sophisticated tradecraft that doesn't always rely on malware. This advisory describes tradecraft for hunting their intrusions and detecting this activity. We want to hear about discoveries.
media.defense.gov/2023/May/24/20
6
106
209
yeah I’m into biohacking (walking 10k steps/day, sleeping 7-8 hours/night, drinking lots of water, eating whole foods, lounging in the sun, being in nature, spending time with people I love)
62
5,301
35.8K
Show this thread
Join the fun & help us keep this thing going. The registration for BSidesLV 2023 is officially open.
You have three levels of support to choose from, including Participant, Donor, and Super Donor.
These options go quick, so act fast. Space is limited.
eventbrite.com/e/bsideslv-202
1
16
17
Weekly analysis is out
- 🇺🇸 'expeditionary cyberspace operations'
-🇷🇺 ops in 🇺🇦
-🇨🇳 router implants & eBPF implant upgrade
-🇰🇵 ops in 🇪🇺
-🇰🇵 ops in 🇮🇳
-🇻🇳 ops in 🇨🇳
-🦹♂️ SIM swapping
then we have
-🇦🇿 ✂️ insecure gov
plus the usual tradecraft analysis.
10
20
We launched a new website to streamline enrollment in the no-cost cybersecurity services provides to small businesses supporting , . Encourage companies with DOD contracts (sub or prime) to review & enroll (best in desktop): nsa.gov/About/Cybersec
3
43
104
Obligatory:
Quote Tweet
Anonymous #Russia claims to have taken the CIA tor website down using Tesla botnet.
#cybersecurity #infosec #russiaukrainewar️ #UkraineRussianWar
4
34
BREAKING: SCOTUS just ruled in favor of Twitter in Twitter v Taamneh. Gonzalez vacated. Clean sweep. No mention of #Section230. More details to come.
9
77
240
Show this thread
Cyber tools often require long-term development, but in several Russian operations against Ukraine it appears that "someone needed a tool right then and grabbed it from the shelf, even if it was staged for future operations."
1
7
15
Show this thread
I suspect that some of these techniques and arguments could be useful in your debates with Russians on social media.
But first, here is the text of the video:
Is this the life I dreamed of? The path that I chose for myself? 2/
3
74
1,103
Show this thread
NEW: notorious spyware firm #NSO Group, maker of #Pegasus has spent millions on foreign agents & lobbying operations in the US.
Their most recent target? The American Bar Association .
By
opensecrets.org/news/2023/05/s
read image description
ALT
10
338
468
Show this thread
Gentle Reminder folks, the #CFP for Recon Village is OPEN.
Some amazing submissions have come in, if you have got something to share at Recon Village , Submit your research NOW.
reconvillage.org/cfp/
Quote Tweet
18
19
hey, cyberpolicy nerds and nerds-to-be! this is a pretty awesome opportunity, and the folks are amongst my favorite humans on God's green earth.
do recommend.
1
4
17
Attending #DEFCON31? Curious to support gathering hackers and policymakers at ? Check out our "call for support" application here! As a policy-attaché, you can spend a few hours helping bridge the hacker and policy maker divide
form.jotform.com/231257054126045
1
34
65
Security of DMs only for those subscribed to Twitter Blue. Sure that will go over well with the .
Quote Tweet
Here are the caveats:
-Sender and recipient have to be on the latest Twitter app.
-Sender and recipient have to be subscribed to Twitter Blue or verified organizations.
-The recipient has to follow the sender or have communicated with them before
help.twitter.com/en/using-twitt
Show this thread
2
13
22
Show this thread
🚨🚨 We are officially THREE. MONTHS. AWAY from ! The team will also be doing everything, everywhere, all at once these coming weeks. Few updates here of things to look at for in the coming weeks 🧵
GIF
read image description
ALT
2
16
38
Show this thread
reposting this bc on the day of my final exam DOJ announced a defend forward takedown of Turla malware, the EU finished its spyware inquiry, and my cyber reading backlog has reached 20 books 🥲
1
25
The EP spyware inquiry committee has adopted its final report.
Recommends the creation of an EU Tech Lab, an independent research institute with powers to investigate surveillance, provide legal and technological support, & perform forensic research.
5
16
I went on PBS to hose down some of the overheated rhetoric about spyware.
1
1
5
Our non-resident fellow attended in Belfast last month. Check out her interview with 's Jonathon Ellison to talk about her experience in cyber and cyber proliferation - more here!
1
6
16
Show this thread
📢 Big congrats to the
for their work with the White House & leading AI developers. "This will allow these models to be evaluated thoroughly by thousands of community partners & AI experts". We're excited to welcome AI policymakers to 📢 See you in LV!
Quote Tweet
Huge news! White House is supporting @aivillage_dc Generative AI Red Team event at @defcon this year. Congrats to @comathematician @ruchowdh @austincarson and everyone else planning this.
AI Village: aivillage.org/generative%20r
White House: whitehouse.gov/briefing-room/
2
13
24
Huge news! White House is supporting Generative AI Red Team event at this year. Congrats to and everyone else planning this.
AI Village: aivillage.org/generative%20r
White House: whitehouse.gov/briefing-room/
1
32
77
🚨🚨 The is tapping to have the hacker community and come together for a public evaluation of AI systems.
Historic 🧵
whitehouse.gov/briefing-room/
2
22
53
Show this thread
I'm excited to finally be able to talk about this openly. Thank you , for pushing this over the line with me, and a ton of others for their advice and ideas.
Quote Tweet
We've been hard at work on the Generative Red Team event we're doing at @defcon for a while and are excited that the @WhiteHouse announced it this morning. Here's more details:
aivillage.org/generative%20r
Show this thread
3
12
35
Show this thread
At we're excited to be partnering with , , Humane Intelligence, , and on the generative redteaming exercise at just announced by this morning:
1
8
10
Show this thread
Details revealed at RSA conference on Monday that CYBERCOM copied an infected Sunburst server and then trained its troops using the image to further 'hunt forward' malicious software from the same group of programmers associated with Russia's SVR.
1
9
17
Show this thread
BREAKING: Chairman and Ranking Member launch an investigation into .
“61 percent of shipments denied entry under the UFLPA are categorized as apparel, footwear, and textiles… We are concerned that products produced in whole or part… Show more
31
194
293































