Skip to content
By using Twitter’s services you agree to our Cookies Use. We and our partners operate globally and use cookies, including for analytics, personalisation, and ads.
  • Home Home Home, current page.
  • Moments Moments Moments, current page.

Saved searches

  • Remove
  • In this conversation
    Verified accountProtected Tweets @
Suggested users
  • Verified accountProtected Tweets @
  • Verified accountProtected Tweets @
  • Language: English
    • Bahasa Indonesia
    • Bahasa Melayu
    • Català
    • Čeština
    • Dansk
    • Deutsch
    • English UK
    • Español
    • Filipino
    • Français
    • Hrvatski
    • Italiano
    • Magyar
    • Nederlands
    • Norsk
    • Polski
    • Português
    • Română
    • Slovenčina
    • Suomi
    • Svenska
    • Tiếng Việt
    • Türkçe
    • Ελληνικά
    • Български език
    • Русский
    • Српски
    • Українська мова
    • עִבְרִית
    • العربية
    • فارسی
    • मराठी
    • हिन्दी
    • বাংলা
    • ગુજરાતી
    • தமிழ்
    • ಕನ್ನಡ
    • ภาษาไทย
    • 한국어
    • 日本語
    • 简体中文
    • 繁體中文
  • Have an account? Log in
    Have an account?
    · Forgot password?

    New to Twitter?
    Sign up
dguido's profile
Dan Guido
Dan Guido
Dan Guido
@dguido

Tweets

Dan Guido

@dguido

CEO @trailofbits, organizer @EmpireHacking, director @hack_secure. Open DMs.

Brooklyn, NY
trailofbits.com
Joined April 2008

Tweets

  • © 2018 Twitter
  • About
  • Help Center
  • Terms
  • Privacy policy
  • Cookies
  • Ads info
Dismiss
Previous
Next

Go to a person's profile

Saved searches

  • Remove
  • In this conversation
    Verified accountProtected Tweets @
Suggested users
  • Verified accountProtected Tweets @
  • Verified accountProtected Tweets @

Promote this Tweet

Block

  • Tweet with a location

    You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more

    Your lists

    Create a new list


    Under 100 characters, optional

    Privacy

    Copy link to Tweet

    Embed this Tweet

    Embed this Video

    Add this Tweet to your website by copying the code below. Learn more

    Add this video to your website by copying the code below. Learn more

    Hmm, there was a problem reaching the server.

    By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.

    Preview

    Why you're seeing this ad

    Log in to Twitter

    · Forgot password?
    Don't have an account? Sign up »

    Sign up for Twitter

    Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

    Sign up
    Have an account? Log in »

    Two-way (sending and receiving) short codes:

    Country Code For customers of
    United States 40404 (any)
    Canada 21212 (any)
    United Kingdom 86444 Vodafone, Orange, 3, O2
    Brazil 40404 Nextel, TIM
    Haiti 40404 Digicel, Voila
    Ireland 51210 Vodafone, O2
    India 53000 Bharti Airtel, Videocon, Reliance
    Indonesia 89887 AXIS, 3, Telkomsel, Indosat, XL Axiata
    Italy 4880804 Wind
    3424486444 Vodafone
    » See SMS short codes for other countries

    Confirmation

     

    Welcome home!

    This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.

    Tweets not working for you?

    Hover over the profile pic and click the Following button to unfollow any account.

    Say a lot with a little

    When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.

    Spread the word

    The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.

    Join the conversation

    Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.

    Learn the latest

    Get instant insight into what people are talking about now.

    Get more of what you love

    Follow more accounts to get instant updates about topics you care about.

    Find what's happening

    See the latest conversations about any topic instantly.

    Never miss a Moment

    Catch up instantly on the best stories happening as they unfold.

    1. Dan Guido‏ @dguido 28 Apr 2016

      I'm going to live-tweet my observations about the 2016 Verizon DBIR as I read it. Judging by past years, it won't be pretty.

      3 replies 26 retweets 32 likes
    2. Dan Guido‏ @dguido 28 Apr 2016
      Replying to @dguido

      I generally think the analysis in the DBIR is poor and it assists in misleading enterprise defenders. Without further ado, here we go!

      2 replies 9 retweets 17 likes
    3. Dan Guido‏ @dguido 28 Apr 2016
      Replying to @dguido

      Oh cool, companies are getting worse at detecting breaches over time. This is my favorite graph every year.pic.twitter.com/UjPxhMvgRH

      3 replies 40 retweets 34 likes
    4. Dan Guido‏ @dguido 28 Apr 2016
      Replying to @dguido

      This is a stupid graph and Verizon should feel bad for letting Kenna Security put it in their report.pic.twitter.com/v9Hs7CC9Kg

      5 replies 11 retweets 16 likes
    5. Dan Guido‏ @dguido 28 Apr 2016
      Replying to @dguido

      Do we not understand that counting vulnerabilities without context is useless? Verizon organized their data into attack patterns, c'mon.

      2 replies 4 retweets 7 likes
    6. Dan Guido‏ @dguido 28 Apr 2016
      Replying to @dguido

      Phishing education continues to be a mostly worthless pursuit. 30% of all emails opened, median time to click ~4m.pic.twitter.com/0mXYqHSFrg

      6 replies 57 retweets 39 likes
    7. Dan Guido‏ @dguido 28 Apr 2016
      Replying to @dguido

      Here's the "value add" of phishing education if you want to call it that.pic.twitter.com/m07KHAo5qu

      1 reply 14 retweets 18 likes
    8. Dan Guido‏ @dguido 28 Apr 2016
      Replying to @dguido

      I can never understand how Verizon bundles C2 in this dataset. This makes no sense!pic.twitter.com/Vw5PnCavgq

      2 replies 1 retweet 1 like
      Dan Guido‏ @dguido 28 Apr 2016

      According to Verizon, in 980 cases (out of what?) hackers want to communicate with things after they hack them. I guess?

      1:49 PM - 28 Apr 2016
      • 1 Retweet
      • 1 Like
      • ḏ̘͊ͅa̮ͩ̓͗̌s̬͐̑ͅh̟̤̭͍͍̔̿ͭ͒́ Sean Sposito
      2 replies 1 retweet 1 like
        1. New conversation
        2. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Good luck finding payment card skimmers using stolen creds while you're dealing with all these "misc errors"pic.twitter.com/bvQDmkF8of

          2 replies 9 retweets 19 likes
        3. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Then why didn't you organize this damn report to match the 9 patterns you *finally* figured out in 2014!?pic.twitter.com/IOmW7YzxHl

          2 replies 0 retweets 4 likes
        4. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          How am I supposed to interpret ANY of this data if it's not mapped to a threat group or attack pattern? Useless.pic.twitter.com/A7KH4Y0gBp

          3 replies 9 retweets 5 likes
        5. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          This graph is clearly garbage in / garbage out. They even acknowledge it in the accompanying text. Hilarious.pic.twitter.com/V9ea2gItlM

          3 replies 12 retweets 16 likes
        6. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          If you use a credit card at a hotel, casino, or retail store, congratulations, it's fucking gone.pic.twitter.com/TtZftmYWUJ

          9 replies 63 retweets 51 likes
        7. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          This graph appears on page 23, and it's the first real useful one so far. Let's see what else we can read into from it.

          1 reply 0 retweets 0 likes
        8. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Everyone is looking at everyone's health records in the healthcare industry.

          3 replies 11 retweets 2 likes
        9. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Cyberespionage is HUGE is manufacturing (outside the obvious professional and government industries)

          1 reply 3 retweets 1 like
        10. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Education and Government literally can't even. They both lead in the miscellaneous errors category by a mile. Good luck dudes!

          3 replies 7 retweets 3 likes
        11. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Webapps are getting clobbered across the board. No one can deprecate old PHP apps fast enough apparently. LFI/RFI/etc rule.

          1 reply 4 retweets 6 likes
        12. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Webapps, so easy to hack that everyone does it for fun. FIG being a useless acronym for "I felt like it, that's why"pic.twitter.com/xRJCluax3n

          1 reply 1 retweet 3 likes
        13. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          No. Stop. None of that works. The only good answer is "Buy an iPad POS."pic.twitter.com/L0ERLwVozm

          4 replies 22 retweets 26 likes
        14. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Ffs go buy an iPad POS! "Malware is the workhorse of POS breaches" Good luck getting any on an immutable filesystem.pic.twitter.com/iMdWS0EkMo

          2 replies 3 retweets 8 likes
        15. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          get your shit together. get it all together and put it in a backpack, all your shit. so it's together.pic.twitter.com/tEmrRAxpEa

          1 reply 1 retweet 11 likes
        16. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Rick and Morty is required watching for infosec teams now, get with it. https://www.youtube.com/watch?v=xIAfCupuZ3w …

          2 replies 6 retweets 10 likes
        17. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Probably the saddest graph in the DBIR. I accidentally the publish button too sometimes. *hugs*pic.twitter.com/yEo1tM7vRQ

          1 reply 2 retweets 1 like
        18. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Nope. Just nope. Chromebooks. Cloud data. Useless client devices. Those are the answers for lost/stolen devices.pic.twitter.com/4ddfZ2tHgo

          1 reply 10 retweets 11 likes
        19. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Again with C2 being its own category! What the hell Verizon? How does this make sense?pic.twitter.com/7QV7Qd2Wm9

          2 replies 0 retweets 2 likes
        20. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Completely lost on Verizon: Any notion of sandboxing or browser versions. Real problems for attackers!pic.twitter.com/4xf4naV5eg

          1 reply 2 retweets 5 likes
        21. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          It's 2016, nearly all malware is built to order just for you. But keep sharing those MD5s. Info sharing rah rah!pic.twitter.com/xhTpnRGrQ0

          4 replies 52 retweets 32 likes
        22. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Verizon missing the boat on useful controls again. Recommended reaction to 99% unique malware: immutability.pic.twitter.com/vbyFvT6m1N

          3 replies 10 retweets 6 likes
        23. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Lots of the data in the last third of this report is not very interesting. Espionage campaigns use phishing you say?pic.twitter.com/GOM5T5YANA

          1 reply 0 retweets 2 likes
        24. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          The usefulness of this graph sums up how I feel about the entire "everything else" sectionpic.twitter.com/vpxpwqfqfU

          1 reply 1 retweet 4 likes
        25. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          I feel like I know this graph from somewhere, but I can't quite put my finger on it... "death links"? no...pic.twitter.com/JeoT5WBf1K

          2 replies 0 retweets 2 likes
        26. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          The reason you keep getting free credit monitoring is because that's basically the only thing insurance pays forpic.twitter.com/4yEFqERbTW

          2 replies 15 retweets 21 likes
        27. Dan Guido‏ @dguido 28 Apr 2016
          Replying to @dguido

          Either all the credit cards have already been stolen or fraud monitoring is getting really good (probably both)pic.twitter.com/Wlef1VgEZV

          0 replies 14 retweets 22 likes
        28. End of conversation

      Loading seems to be taking a while.

      Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

        Promoted Tweet

        false

        • © 2018 Twitter
        • About
        • Help Center
        • Terms
        • Privacy policy
        • Cookies
        • Ads info