Information security and data engineering advisor. Virtual CISO with interdisciplinary skillset to solve complex business and technical problems. Not CISSP/10X
We’re continuing to work with Microsoft and GitHub to investigate the impact of the malicious Nx Console version 18.95.0. I'll share any updates on X (@jeffbcross and @NxDevTools) as well as in our security advisory: https://t.co/szBoQ3doaX.
Initially, Microsoft indicated to us that there were 28 installs of the malicious version 18.95.0. Based on our own analytics for the compromised version, we currently believe the number of users who received the malicious package may be significantly higher; potentially over 6k installs.
We’ll keep working to determine the actual impact and exposure, and I don’t want to speculate beyond the facts we have right now. But I also don’t want to minimize the situation.
This is my top priority right now. Our team has been, and continues to be focused on understanding exactly what happened, helping affected users, hardening our systems and release processes, and being as transparent as possible throughout the investigation.
Just a reminder: I give away many of my tips, tricks, research, and methodology via conference talks, podcasts, free workshops, webinars, blogs, here on Twitter, and via my newsletter Executive Offense.
I’ve contributed code to many tools. I write and release tools myself, in FOSS.
I have done this for 21 years. I never stopped. I just charge for classes now that are the ultimate curation of all those things. Updates? Yeah, modern research and updates I charge for. I have a family, sue me I guess.
Thanks to the two assholes who sent me DM dissertations on how I'm a sellout influencer and that real hackers release everything for free. Saying that all my contributions are null and void for running courses.
Really makes me want to keep doing it.
These aren’t bots either, there are real people in the industry at real consultancies.
That’s cool I guess. To be an asshole and meme 💯 of the time is in style.
Better be sure that if I see you on the signup list or anyone from your consultancy… you are not welcome at Arcanum stuff. Gl and have a wonderful life 🤗
⚠️ Update: It has now been 24 hours since #Iran implemented a nationwide internet shutdown, with connectivity flatlining at 1% of ordinary levels. The ongoing digital blackout violates the fundamental rights and liberties of Iranians while masking regime violence ⏱
This one here is a goodie! A customer called us because they had several incidents where the system time "magically" jumped days, sometimes even months, back and forth (see screenshot). You can imagine the issues inflicted by this behavior. So the question was: Cyber? Attacker? Misconfiguration?
If you have never heard of Secure Time Seeding, you might want to read the article on Ars Technica. It might save your day eventually. [1]
Microsoft introduced the time-keeping feature in 2016 as a way to ensure that system clocks were accurate. Windows systems with clocks set to the wrong time can cause disastrous errors when they can’t properly parse timestamps in digital certificates or they execute jobs too early, too late, or out of the prescribed order.
“You may ask - why doesn’t the device ask the nearest time server for the current time over the network?” Microsoft engineers wrote. “Since the device is not in a state to communicate securely over the network, it cannot obtain time securely over the network as well, unless you choose to ignore network security or at least punch some holes into it by making exceptions.”
To avoid making security exceptions, Secure Time Seeding sets the time based on data inside an SSL handshake the machine makes with remote servers.
Despite the checks and balances built into STS to ensure it provides accurate time estimates, the time jumps indicate the feature sometimes makes wild guesses that are off by days, weeks, months, or even years.
🤯
You can turn this feature off, as our client did. [2]
[1] https://t.co/9FqX2ji5k0
[2] https://t.co/4b7zt7rnib
In various business email compromise (BEC) cases, we later discovered that although the customer had set up a conditional access (CA) policy to enforce multi-factor authentication, mistakes had been made during the implementation of said policies.
For example, certain resources were excluded, allowing attackers to access data despite the policy. In other cases, specific user agents were excluded. The list is relatively long.
There are various tools that allow you to automatically test different login processes, user agents, and resources. I briefly tried NoPrompt over the weekend, and it was super easy to use. [1]
This is also a simple step that I, as a cloud administrator, can take to identify low-hanging fruit for attackers. Otherwise, you might lull yourself into a false sense of security that can be easily circumvented.
[1] https://t.co/HKrc1phdN0
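A static pre-check for the gaps described above, added here as an example; it is not code from the original post and not NoPrompt's code. NoPrompt tests the bypasses live against the tenant; this script instead walks the policy objects you get back from Microsoft Graph (GET /identity/conditionalAccess/policies) and flags every scope exclusion that an attacker could land in: excluded users, groups or roles, excluded apps, trusted-location exclusions, client app types left out, platform conditions (Entra derives the device platform from the User-Agent header, so a spoofed user agent steps outside a platform-scoped policy), and policies that are disabled or in report-only mode. The two policies in SAMPLE_POLICIES are constructed for the example, and their display names and object IDs are made up; replace that list with the policies fetched from your tenant.

```python
"""Audit Entra ID Conditional Access policies for gaps that let a sign-in skip MFA.

Added example. SAMPLE_POLICIES is constructed test data in the JSON shape
Microsoft Graph returns; names and IDs are invented for illustration.
"""
from dataclasses import dataclass

# Every client app type a policy can match. Listing only some of them in
# clientAppTypes leaves sign-ins through the rest outside the policy.
ALL_CLIENT_APP_TYPES = {"browser", "mobileAppsAndDesktopClients", "exchangeActiveSync", "other"}

SAMPLE_POLICIES = [  # constructed sample data, not a real tenant
    {
        "displayName": "Require MFA for all users",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": ["0f0f0f0f-break-glass"],
                      "excludeGroups": [], "excludeRoles": []},
            "applications": {"includeApplications": ["All"],
                             "excludeApplications": ["1a1a1a1a-legacy-crm-app"]},
            "platforms": None,
            "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]},
            "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {
        "displayName": "Block legacy authentication",
        "state": "enabledForReportingButNotEnforced",  # report-only: blocks nothing
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": [], "excludeGroups": [], "excludeRoles": []},
            "applications": {"includeApplications": ["All"], "excludeApplications": []},
            "platforms": None,
            "locations": None,
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
]


@dataclass(frozen=True)
class Finding:
    policy: str
    gap: str


def requires_mfa(policy):
    """True if the grant control demands MFA or an authentication strength."""
    grant = policy.get("grantControls") or {}
    return "mfa" in (grant.get("builtInControls") or []) or grant.get("authenticationStrength") is not None


def tenant_wide_mfa(policy):
    """True if this enabled MFA policy covers all users on all applications."""
    c = policy["conditions"]
    return (policy.get("state") == "enabled" and requires_mfa(policy)
            and c["users"].get("includeUsers") == ["All"]
            and c["applications"].get("includeApplications") == ["All"])


def scope_gaps(policy):
    """Return the ways a sign-in can fall outside an MFA policy's scope."""
    c = policy["conditions"]
    users, apps = c["users"], c["applications"]
    gaps = []
    for key in ("excludeUsers", "excludeGroups", "excludeRoles"):
        gaps += [f"{key}: {obj} signs in without MFA" for obj in users.get(key) or []]
    if users.get("includeUsers") != ["All"]:
        gaps.append(f"includeUsers is {users.get('includeUsers')}: everyone else is out of scope")
    gaps += [f"excludeApplications: {app} is reachable without MFA" for app in apps.get("excludeApplications") or []]
    if apps.get("includeApplications") != ["All"]:
        gaps.append(f"includeApplications is {apps.get('includeApplications')}: other apps are out of scope")
    platforms = c.get("platforms") or {}
    if platforms and platforms.get("includePlatforms") != ["all"]:
        # Platform is inferred from the User-Agent header; a spoofed UA escapes it.
        gaps.append(f"platform-scoped {platforms.get('includePlatforms')}: user-agent spoofing escapes it")
    gaps += [f"excludePlatforms: {p} reachable by spoofing the user agent" for p in platforms.get("excludePlatforms") or []]
    gaps += [f"excludeLocations: {loc} gets no MFA prompt" for loc in (c.get("locations") or {}).get("excludeLocations") or []]
    types = set(c.get("clientAppTypes") or [])
    missing = ALL_CLIENT_APP_TYPES - types
    if missing and types != {"all"}:
        gaps.append(f"clientAppTypes missing {sorted(missing)}: those flows skip this policy")
    return [Finding(policy["displayName"], g) for g in gaps]


def audit(policies):
    findings = []
    for p in policies:
        if p.get("state") != "enabled":
            findings.append(Finding(p["displayName"], f"state is {p.get('state')!r}: nothing is enforced"))
        if requires_mfa(p):
            findings += scope_gaps(p)
    if not any(tenant_wide_mfa(p) for p in policies):
        findings.append(Finding("<tenant>", "no enabled policy requires MFA for all users on all apps"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_POLICIES):
        print(f"[{f.policy}] {f.gap}")
```

Run it against the real policy list and treat every finding as a test case for NoPrompt or a manual sign-in attempt: the break-glass exclusion may be acceptable, the excluded app, trusted-location exclusion and the two missing client app types in the sample are exactly the kind of "mistake during implementation" that shows up in BEC post-mortems. The report-only block policy is flagged separately because it looks like legacy auth is blocked when it is not.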
Kinda wild that this "AI coding assistant" that creates GitHub PRs according to changes I request was almost entirely written by me prompting ChatGPT. About 700 lines of code, and really just two evenings performing iterated prompting & some cut/paste & some minor edits.
Got to connect with @RachelTobac on some of the latest AI deepfake news about Taylor Swift.
Rachel is one of the top experts in all things social engineering and we decided to start recording our side chats for you all.
Everyone: Telegram is encrypted.
Experts: Telegram IS NOT an encrypted messaging app
<CEO gets arrested>
News: Telegram is an encrypted messaging app.
Experts: Telegram IS NOT an encrypted messaging app.