Tarah (verified account)

@tarah

Cyberwarfare contrib Fellow • •author 💍•speaking 🛩💻 ⚔️

t@tarah.org is always how to reach me
Joined: May 2007.

Tweets

  1. Pinned tweet
    3 Oct 2019

    Your bucket list shouldn’t be a daydream. It should be your backlog. Every once in a while, pull out your backlog and operationalize your next item into goals, a timeline, budget, and the definition of done. <3 Then do it.

  2. 2 hours ago

    Haaaaaaaave you met my friend Excel????

  3. Retweeted

    A new study shows that red teams are OK to push the ethical limits — but not on themselves.

  4. Retweeted

    I had the best time at Shmoo. Saw (and met for the first time) so many people I love and respect — , , , , , , , , , , , , , and so many more. Until next time!

  5. Retweeted
  6. 12 hours ago

    I will be in Singapore during Black Hat Asia (approx March 29-April 3rd-ish) but I’ll be at a different security event. Who all will be there?

  7. Retweeted

    Favorite gambling experience was obviously ’s gambling for noobs workshop! And impromptu poker tournament.

  8. 24 hours ago
  9. Retweeted
    4 Feb

    Very very important thread. Hey - know anyone that needs a research project?

  10. 4 Feb

    We are especially looking to partner with someone who is experienced at the professional & academic level at survey design and research methods. Let us know, and we’ll keep working on this to shed light on how we operate as a community—and how we can do better! Thanks, all!

  11. 4 Feb

    We hope this work helps people to ethically scope engagements, to understand how their targets will feel, and to reflect on geographic differences in ethical pentesting. Do you want to help? Our working paper, full sanitized data set, & slides are here:

  12. 4 Feb

    (Sidenote: for first-time people proposing to CFPs—my work gets rejected all the time—just means you have to improve and keep going!! You can do it!) this weekend was the first place that gave Roy and me a shot. Thank you to !!

  13. 4 Feb

    As far as we know, this is the first research of its kind on the cognitive biases of offensive security researchers. It was rejected from (at last count) five conferences, I think. Correct me on this one, Roy.

  14. 4 Feb

    Our research explores what the infosec community feels is ethical for pentesting—what is ok to do on the job, and what should be reserved for briefings or tabletop exercises. But the infosec community is half as likely to think a test is ethical if it’s being done TO THEM.

  15. 4 Feb

    Right now, there is no commonly-agreed upon set of ethical standards about how far we can go to test security. “Use common sense” doesn’t apply if you’re on a job, you’re ordered to do something in scope, & you’ll be fired if you don’t. Think about the wider impact, says Roy.

  16. 4 Feb

    We know that at the far end of social engineering, serious damage can occur. It can lead to mental health issues, physical harm, and more. I won’t include a summary here, but Jacintha Saldanha was a victim of social engineering. (TW: suicide if you look it up.)

  17. 4 Feb

    Then we began discussing some of the more ethically problematic things we do in offensive security. At what point does “authorization” to perform a pentest stop being ok if you’re, say, crafting a phishing email telling someone that their money is gone or their kid is hurt?

  18. 4 Feb

    Roy and I had started this conversation originally about what was ethical in an approved and scoped offensive security test because we’d begun speculating about whether red teamers were likely to go easy on their own executives out of fear of losing their jobs.

  19. 4 Feb

    This weekend at , & I presented our research on red team ethical standards around the world. did an excellent writeup in . We asked about a range of tactics, and the results were…interesting.

  20. Retweeted

    First day, new job!

  21. Retweeted