Brian in Pittsburgh

@arekfurt

Former attorney, current IT & infosec consultant in the 'Burgh. Happy to talk about password spraying one minute and constitutional law the next. Son of .

Joined: June 2015

Tweets


  1. Pinned tweet
    8 Aug 2019

    Take ego out of the equation and focus on countering the threats that are relevant to you and that you can actually, reasonably hope to counter. Create as much risk reduction for your org as you can with the resources you can get. Everything else is out of your hands.

  2. 2 hours ago

    The phrase "Zero Trust" is not for those who really understand network hardening. The same way those product ads about stopping Mimikatz aren't intended to persuade detection professionals. Both are marketing devices aimed at people above your pay grade. Alas, oft effectively.

  3. 19 hours ago

    The Defendant had a Secret-level clearance, and the info in these files was at least apparently controlled by ITAR rules and thus should not have been taken overseas. But if the info wasn't actually classified that would explain some things from a cybersecurity standpoint.

  4. 19 hours ago

    Huh. After reading the superseding indictment and the prior indictment here, neither makes any mention of the laptop containing classified information. They do allege that 5 files contained ITAR-controlled information, and the charges relate to violating arms export control laws.

  5. 23 hours ago

    Not a theoretical concern, BTW. Response firms love telling stories about getting called in to deal with low-end clumsy or aggressive attackers and then also uncovering completely different, much better players who had been quietly stealing info for a long time.

  6. 23 hours ago

    This thread + replies raises an interesting thought: if you're a really good state espionage actor (with some 👍👍 capabilities), you in fact may *want* valuable targets to have generally good (but not great, obviously) defenses robust enough to keep out the riff-raff.

  7. 2 Feb

    "Pleased to be in Saudi Arabia as a keynote speaker at the Global Cybersecurity Forum!"

  8. 2 Feb

    (Just to be 100% clear that's a joke on not-so-stealthy actors using Twitter. No clue what the binary here says and am too lazy to decipher it but I assure you it ain't C2.)

  9. 2 Feb

    When Twitter-based malware C2 gets a little too obvious. 🙂

  10. Retweeted

    Honestly, if your threat model doesn't include at least a few situations where the outcome is: "You are fucked" You are not doing it right.

  11. 2 Feb

    Now this, people, is what an actual damn LoLBin looks like. A trusted application that can be used to download and/or kick off execution of code of an attacker's choosing **in a way that is undocumented or nearly unknown.** Not just new or unpopular-ish. Good job. 👏

  12. 1 Feb

    That said, actually going through the motions of still checking people who aren't open carrying for concealed weapons looks really silly.

  13. 1 Feb

    What's the point of having a metal detector in a gov facility when people are literally open carrying rifles into the place? Practically, it's arguable whether there is one. Legally, however, concealed weapons may still be barred by law from a place open carry is allowed.

  14. Retweeted
    31 Jan

    Good outcome and a good reminder that an obsessive focus on precise scope and clarity in drafting rules of engagement for pentesting can literally help keep people out of jail.

  15. 31 Jan

    I may start experimenting with setting up specialized break-glass admin accounts that can only be accessed locally and where every login should grab the attention of someone. Of course, that would have significant implications for local admin password management.😕

  16. 31 Jan

    Unfortunately, if you want a user to be able to run that themselves (either because you don't want them to have to go through support or because there is no right-this-minute support always available) that means a user has to have access to an admin password.😑

  17. 31 Jan

    Many third-party solutions have functionality to handle this fairly well. WDAC does not. Fortunately, if you're using unsigned WDAC policies you can jury-rig a simple script that, when run as admin, will delete the policies in the Active folder. (Or swap them for audit policies.)

  18. 31 Jan

    Something I knew but have gained further personal experience with this week: the annoying need to often have a quick override or temporary disablement process available for your app whitelisting/control enforcement. At least on the workstations of many knowledge workers.

  19. 31 Jan

    This is a good and just development. Probably an overdue one. But hopefully physical pentesters and firms everywhere are actually learning legal and operational lessons from this case about how to operate to prevent situations like these from arising at all.

  20. 31 Jan

    All of which is to say: Pay little heed to those who speak breezily about choosing to accept the price of doing the right thing as if it's nothing. Very likely, they have never really had to pay a severe one themselves. (But also: Do the right thing anyway.)

  21. 31 Jan

    Today, I remain fully convinced I did the right thing. And, to be clear, it's not exactly that I regret doing it. I would have sold away a chunk of myself if I hadn't. However, I'd quite probably be a more successful & esteemed man if I'd lied. Very possibly a happier one.

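The WDAC override thread above (tweets 15 through 18) describes a script that, run as admin, removes unsigned policies from the Active folder or swaps them for audit-mode copies. The script below is an added example written for this page, not the author's own tool. It assumes the multiple-policy format (Windows 10 1903 and later), unsigned policies, and that the enforced policy XML files are kept at an assumed path `C:\WDAC\Policies`; the `-Mode` parameter, the backup folder `C:\WDAC\Backup`, and the `Build-AuditCip` helper are this example's own choices.

```powershell
#Requires -RunAsAdministrator
<#
  Added example (not the tweet author's script).
  Temporarily disable or downgrade UNSIGNED WDAC policies by editing the
  Active folder, and restore them afterwards.
  Assumptions: multiple-policy format, unsigned policies, enforced policy
  XML files in $PolicyXmlDir. $PolicyXmlDir, $BackupDir and -Mode are
  choices made for this example.
#>
param(
    [Parameter(Mandatory)]
    [ValidateSet('Disable', 'Audit', 'Restore')]
    [string]$Mode,
    [string]$PolicyXmlDir = 'C:\WDAC\Policies',   # assumed: enforced policy XML lives here
    [string]$BackupDir    = 'C:\WDAC\Backup'      # assumed: where enforced .cip copies are parked
)

# Where Windows loads multiple-format WDAC policies from ({PolicyID}.cip files).
$Active = Join-Path $env:SystemRoot 'System32\CodeIntegrity\CiPolicies\Active'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

function Build-AuditCip {
    # Produce an audit-mode binary copy of one enforced XML policy.
    # Rule option 3 is "Enabled:Audit Mode". The output must be named
    # {PolicyID}.cip so that it replaces the enforced binary with the same ID.
    param([string]$XmlPath, [string]$OutDir)
    $tmp = Join-Path $env:TEMP ([IO.Path]::GetRandomFileName() + '.xml')
    Copy-Item -Path $XmlPath -Destination $tmp
    Set-RuleOption -FilePath $tmp -Option 3
    $policyId = ([xml](Get-Content -Path $tmp -Raw)).SiPolicy.PolicyID
    $cip = Join-Path $OutDir ($policyId + '.cip')
    ConvertFrom-CIPolicy -XmlFilePath $tmp -BinaryFilePath $cip | Out-Null
    Remove-Item -Path $tmp
    return $cip
}

switch ($Mode) {
    'Disable' {
        # Moving the enforced .cip files out of Active ends enforcement at next boot.
        Get-ChildItem -Path $Active -Filter '*.cip' |
            Move-Item -Destination $BackupDir -Force
    }
    'Audit' {
        # Keep the same PolicyIDs but replace enforced binaries with audit-mode ones.
        Get-ChildItem -Path $Active -Filter '*.cip' |
            Copy-Item -Destination $BackupDir -Force
        Get-ChildItem -Path $PolicyXmlDir -Filter '*.xml' | ForEach-Object {
            Build-AuditCip -XmlPath $_.FullName -OutDir $Active | Out-Null
        }
    }
    'Restore' {
        # Put the enforced binaries back over whatever is in Active now.
        Get-ChildItem -Path $BackupDir -Filter '*.cip' |
            Copy-Item -Destination $Active -Force
    }
}

Write-Warning "WDAC change staged in $Active; reboot to apply (on Windows 11 22H2+ 'CiTool.exe --refresh' can reload unsigned policies without a reboot)."
```

Two caveats a practitioner would want. First, this only works because the policies are unsigned; a signed policy ignores file-level tampering and can only be replaced or removed by a properly signed update, which is also why the thread's observation matters: whoever holds local admin can neuter unsigned WDAC the same way, so pair this override with the break-glass login alerting the thread talks about. Second, after an `Audit` swap, blocked executions show up as audit events rather than being stopped, so it is worth reviewing the CodeIntegrity operational log before `Restore` to see what the user actually ran.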
