Tweets by @arekfurt

Pinned tweet
Take ego out of the equation and focus on countering the threats that are relevant to you and that you can actually, reasonably hope to counter. Create as much risk reduction for your org as you can with the resources you can get. Everything else is out of your hands.
The phrase "Zero Trust" is not for those who really understand network hardening. The same way those product ads about stopping Mimikatz aren't intended to persuade detection professionals. Both are marketing devices aimed at people above your pay grade. Alas, oft effectively.
The Defendant had a Secret-level clearance, and the info in these files was at least apparently controlled by ITAR rules and thus should not have been taken overseas. But if the info wasn't actually classified that would explain some things from a cybersecurity standpoint.
Huh. After reading the superseding indictment and the prior indictment here neither makes any mention of the laptop containing classified information. They do allege that 5 files contained ITAR-controlled information, and the charges relate to violating arms export control laws.
Not a theoretical concern, BTW. Response firms love telling stories about getting called in to deal with low-end clumsy or aggressive attackers and then also uncovering completely different, much better players who had been quietly stealing info for a long time.
This thread + replies raises an interesting thought: if you're a really good state espionage actor (with some capabilities), you in fact may *want* valuable targets to have generally good (but not great, obviously) defenses robust enough to keep out the riff-raff. #NOBUS
https://twitter.com/QW5kcmV3/status/1223950053523574785 …
"Pleased to be in Saudi Arabia as a keynote speaker at the Global Cybersecurity Forum!" pic.twitter.com/refeG2vcTS
(Just to be 100% clear that's a joke on not-so-stealthy actors using Twitter. No clue what the binary here says and am too lazy to decipher it but I assure you it ain't C2.)
When Twitter-based malware C2 gets a little too obvious.
https://twitter.com/JenMsft/status/1223855738310627328 …
Brian in Pittsburgh retweeted
Honestly, if your threat model doesn't include at least a few situations where the outcome is: "You are fucked" You are not doing it right.
Now this, people, is what an actual damn LoLBin looks like. A trusted application that can be used to download and/or kick off execution of code of an attacker's choosing **in a way that is undocumented or nearly unknown.** Not just new or unpopular-ish. Good job.
https://twitter.com/Hexacorn/status/1223777258185351168 …
That said, actually going through the motions of still checking people who aren't open carrying for concealed weapons looks really silly.
What's the point of having a metal detector in a gov facility when people are literally open carrying rifles into the place? Practically, it's arguable whether there is one. Legally, however, concealed weapons may still be barred by law from a place open carry is allowed.
Brian in Pittsburgh retweeted
Good outcome and a good reminder that an obsessive focus on precise scope and clarity in drafting rules of engagement for pentesting can literally help keep people out of jail. https://arstechnica.com/information-technology/2020/01/criminal-charges-dropped-against-2-pentesters-who-broke-into-iowa-courthouse/ …
I may start experimenting with setting up specialized break glass admin accounts that can only be accessed locally and where every login should grab the attention of someone. Of course, that would have significant implications for local admin password management. #nevereasy
Unfortunately, if you want a user to be able to run that themselves (either because you don't want them to have to go through support or because there is no right-this-minute support always available) that means a user has to have access to an admin password.
Many 3rd party solutions have functionality to handle this fairly well. WDAC does not. Fortunately, if you're using unsigned WDAC policies you can jerry-rig a simple script that, when run as admin, will delete the policies in the Active folder. (Or swap them for audit policies.)
Something I knew but have gained further personal experience with this week: the annoying need to often have a quick override or temporary disablement process available for your app whitelisting/control enforcement. At least on the workstations of many knowledge workers.
This is a good and just development. Probably an overdue one. But hopefully physical pentesters and firms everywhere are actually learning legal and operational lessons from this case about how to operate to prevent situations like these from arising at all. https://twitter.com/jorgeorchilles/status/1223008311525695490 …
All of which is to say: Pay little heed to those who speak breezily about choosing to accept the price of doing the right thing as if it's nothing. Very likely, they have never really had to pay a severe one themselves. (But also: Do the right thing anyway.)
Today, I remain fully convinced I did the right thing. And, to be clear, it's not exactly that I regret doing it. I would have sold away a chunk of myself if I hadn't. However, I'd quite probably be a more successful & esteemed man if I'd lied. Very possibly a happier one.