Dave dwizzzle Weston

@dwizzzleMSFT

MSFT Director of OS Security. I love naps 😴 but I stay woke 🙅‍♂️

SEA
Joined: April 2008

Tweets

  1. Retweeted
    2 hours ago

    We’re currently running a pilot that uses the underlying tech to replace old code with safe parsers on critical attack surface. It’s looking promising.

  2. I was talking to a few folks today about the new awesome Cisco research and said: "we have come a long way since Mike Lynn" and they had no idea who he was. Let's be a community that celebrates those who paved the way and doesn't forget.

  3. Mike Lynn is just one of the many heroes that made it possible for so many people to have a legit job in security research today. I could go on about dozens of others who had similar impacts.

  5. I love all the new people and energy in security, it's awesome. However, let's not forget the shoulders of giants we stand on; new folks should try their best to learn history. They did it for fun and because it was the right thing to do when it wasn't cool, popular, or heroic.

  6. 3) now you can decide if you really still need to buy something to get more visibility for the much smaller set of attacks that actually apply to you

  7. 2) you're actually going to be able to see anomalies because you will be protected from the vast majority of real world attacks

  8. 1) not going to have alert fatigue from all kinds of random crap hitting your machines

  9. You're better off getting a prevention baseline deployed (yes, this is going to be a lot of work) and using sysmon and logs to start. Once you have that you're:

  10. Also most people do endpoint wrong. They go “all in” on “visibility” and “threat hunting” while their endpoints are a dumpster fire. How are you going to find an APT in a sea of adware, keygens, and coin miners all over your enterprise? You're not.

  11. Also, help us help you. Try rolling this stuff out in your org and then reach out with stuff we need to improve.

  12. Now that everyone has an EDR and 20 other agents on the machine, this is how attackers will respond. You need to get app control AND driver control deployed to get out of the whack-a-mole cycle.

  14. Truth is all fancy EDRs and endpoint security can be disabled by an attack like this. With Driver control using HVCI on Windows 10 this attack is prevented. You don’t need to buy this, it’s included in Windows 10 pro and up. All Secured core PCs have it on by default.

  15. Retweeted
    11 hours ago

    9/9 thank you so much , , Gili Ben-Zvi and the rest of the orgteam for yet another amazing event, and for letting me take a more significant part in it this year ❤️

  16. Retweeted
    5 Feb

    Mitigations for path redirection attacks: hardlinks will require write access to target file, junctions created from medium IL will be marked and not followed by privileged processes, SYSTEM will get its own %TEMP%

  17. Retweeted
    5 Feb

    Great talk by ! Definitely check out these slides on excellent approaches for scaling and measuring security practices at your org!

  18. Retweeted
    3 Feb

    I guess this is what everyday life looks like.

  20. Retweeted
    5 Feb
    Replying to

    They asked about you in the Haifa kebab

