U tweetove putem weba ili aplikacija drugih proizvođača možete dodati podatke o lokaciji, kao što su grad ili točna lokacija. Povijest lokacija tweetova uvijek možete izbrisati. Saznajte više
You can’t vouch for your own bug. You will always see it as the most beautiful bug that ever did bug. Doesn’t matter if you’re the one who does the thing, or even if you’re right. If it needs a vouch, recuse yourself. It’s ok. It’ll hold up on its own, or not. Learn either way.https://twitter.com/kim_crawley/status/1213580904603492357 …
On the flip side, be careful whose vouches you do trust. Review boards have drama that has absolutely nothing to do with you, starting from the reality that they can’t accept all the good talks. No room. People in such situations sometimes get shitty. Don’t take it personally.
You absolutely need external calibration. You’ll eventually notice our culture (for *many* definitions of our) has a positive feedback problem. A rule of thumb is, don’t seek approval from those who reject everything. What can you expect? No easy answers here.
Keep having fun. There’s a reason fun exists. Learning *should* feel good! If you’re teaching yourself something, make sure you give yourself opportunities to win at regular intervals. You don’t actually know things will work, so give yourself more chances to experience progress
The war is against burnout. Don’t forget that. Money does not cure burnout. Be kind to yourself, don’t think working for yourself doesn’t mean your boss can’t be an asshole. You’d assume. You’d be wrong. Under no circumstances share a hotel room with another consultant.
There’s no wrong way to do it. Some hack alone, some hack with peers, some learn from mentors. Some do web, some do RE, some do social. If it’s pwned, it’s pwned. Ok, yes, if there’s just a 200 page report of TLS nitpicks, it’s not pwned. Just isn’t. Write well. Take the time.
If somebody wants to nerd out with you in the hallway at con, unless you *absolutely* have to be somewhere — they are the most awesome person in the world at that very moment. Doesn’t matter if they’re competent or not. Does matter if they’re curious! Explore. Yes, you get to.
As @dinodaizovi recently said, hack things, not people. We are very ... playful when it comes to repurposing things.
Don’t extend that to people. The social engineers are working a job. That’s different. Constrained. Don’t become, as Dino says, a psychopath.
If you can just ask the dev, just ask the dev. White hat superpower. Trust me, your mental models of why things were written a certain way are wrong. That’s why your hacks work :) When they explain something to you, listen for what they’re not worried about. Look there.
If you ever have a chance to defend a team from a bullshit bug, do. Nothing makes you more credible.
You can spend too much time on Twitter. Don’t let the best record of your work be your slides. At bare minimum, make sure to package your code. Write the docs. If only for yourself! Yes, you’ll forget things.
Never, ever fake a demo. Not a thing I’ve done (well, except for that one time I faked a demo failing, which immediately turned into the demo actually failing, and getting restarted on stage. AWKWARD). Anyway, don’t. The universe will conspire against you. It’s amazing.
Mentorship is worth much more than salary. Freedom to explore is as well. My first job paid about 40% of my highest offer, but it offered much more freedom to learn. Yes, you do get to invest in yourself like that. The job that pays the most might have to, to get anyone to stay.
Want the people around you to win. Don’t overaccount — if you can help, do. You can always be a rubber duck — just let people explain a thing to you. In trying to translate, they often figure out their issue. And yes, you learn this way. From anyone, as long as they’re curious.
Not everybody’s curious. It’s ok. Takes all kinds.
Don’t gloat. Don’t threaten to expose someone to management for their bad code. This sounds dumb, well, I screwed this up once and knew it IMMEDIATELY. You’ll do a few dumb things. Try to notice. Apologize. You’re seeing other people’s babies through very naive eyes. Be kind.
You are never, ever too “junior” to talk to anyone in Infosec. There’s no bar you must pass, talk you must give, code you must write before you’re qualified to nerd out with someone. Anyone. Really. Trust me, the “famous” nerds miss the heck out of you.
I’ve said this before, but: Hackers are not rockstars. You know who are rockstars? ROCKSTARS. we ain’t rockstars we just code a lot
Anyway, just being an old nerd, musing about how you kids can have more fun on my lawn :)
Ah. There’s much more to hacking than pwnage. It’s not just about breaking in and beating somebody. We’ve got a lot of new toys. They’re supposed to do one thing. What else can they do? Not every hack is some horrifying threat to humanity. Sometimes you help the color blind!
Build things, regularly. Especially things that have nothing to do with security. Nothing will make your skills go stale faster than *only* breaking stuff. You will stop knowing what things to break, or how they imagine the world works. This is a problem. We make poor tools.
A bit of your time will be remembered for years. For good, and sadly, for bad as well. Be good to people, it matters so much. https://twitter.com/thyri/status/1213729281295171584?s=21 …https://twitter.com/thyri/status/1213729281295171584 …
If you don’t think anyone wants you to win — I do. Write me something awesome. Build me crazy, fun, inspired. I want you to win! You don’t need permission to be awesome. But if you like, I wave my Kona Harry Potter Bluetooth magic wand. Accio Awesome!
Want someone around you to win, as well. Help ‘em out. We lift eachother up. More fun that way! We ain’t doing this to be *bored* :)
Heh. Nobody’s as happy as they look. Best I can tell, everyone’s on fire. Lots of ways to burn. Protect your curiosity. Seek it in others. You’re not “supposed to already know”...anything. That’s the fun of hacking. Pawing around in the darkness, discovering accidental beauty.
Ok, so. Microphones are speakers, if you run power in the other direction. Doesn’t sound great, but it does a thing. LEDs are solar panels, in exactly the same way. In fact — solar panels are LEDs too. Run em backwards, they glow. Hacking is mostly ignoring the directions.
It’s impossible to express how safe and welcoming #DEFCON was for me. It was the first event I ever attended where random people were actually curious about my bizarre chicanery.
There’s all sorts of toxic pressures nowadays. But the magic is still around. Really.
These are hard times for curiousity. It has a cost, you know. Everything you learn will be compared against every future experience. Learn toxicity, and your future becomes nothing but correctly predicted toxicity. It becomes what you know. Nerdery is knowing something else.
That was 20 minutes of my life well spent :)
I had some guy at a random table at #Defcon who thought what I was playing with was hilarious. He wasn’t famous (as far as I know), he wasn’t some master. Just curious.
Be that guy. Listen. Laugh. Learn.
https://twitter.com/blowdart/status/1213978761378459648?s=21 …https://twitter.com/blowdart/status/1213978761378459648 …
Some people speak. Some don’t. *slaps roof* This Infosec bad boy fits so many personality types! Two things that guided my talks: 1) I’m telling my friends a story about some funny things I found. 2) Talk about a few things, so the confused can rejoin a thread. Just my way.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
