Top Tweets for #securityonepercent
I rediscovered this poster. Any idea how old it is? I’m estimating it dates to about 2012-13. Artifacts like this, which are as relevant today as they were 10 years ago, are one sign we may not be making much progress in #infosec, at least outside the #securityonepercent.

@YoSignals If you have paying clients then they are likely in the #securityonepercent. Still, I'm not saying there is ZERO benefit, even for those outside the SOP. I'm saying "Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem." It's not "OST bad, ban OST."
@YoSignals Yes, I wrote about objections from vendors, major consumers, and the #securityonepercent in this post: https://t.co/E8Gg7l38Fv
If anyone has any doubt why defense in cybersecurity is inherently disadvantageous, behold the complexity in simply understanding all that is depicted in these superb graphics. Only those in the #securityonepercent have a chance, and only after study and experimentation, I bet.

@MalwareTechBlog @corg_e Reminds me of #securityonepercent blogs from @taosecurity
“Security and the One Percent: A Thought Exercise in Estimation and Consequences”
https://t.co/vY78My8e9G
@anton_chuvakin @4n6ir @Beaker The "SOC is dead" idea is probably only valid for the top of the #securityonepercent who can invest in leading processes and talent. For those in the rest of the top 10%, it's probably still valid. For the majority of those protecting data, a SOC is out of their reach anyway.🤔
Did anyone see when the RU intruders first gained access to the UA target? ESET says deployment at 14:58, but was RU there earlier? If not, that's only 72 mins to detect and respond, as it hit at 16:10. <1 hr dwell time still the goal for #securityonepercent. #timecentricsecurity

#BREAKING #ESETresearch helped analyze a #Sandworm campaign against an energy company in #Ukraine 🇺🇦 using #CaddyWiper and a new version of the infamous #Industroyer malware. #WarInUkraine https://t.co/QRR5M6etfS 1/5
@beuchelt @msager Yes, although @ImposeCost was the pioneer there and has been carrying the torch consistently. I get too worn down by the #securityonepercent who refuse to see that "Digital Offense Capabilities Are Currently Net Negative for the Security Ecosystem." (blog) https://t.co/E8Gg7l38Fv
#Okta may be the new Solar Winds: a vendor used by the #securityonepercent (maybe even the 10%?) to improve their security, but once breached, introduces more risk of compromise. This is why anyone who claims they have the answer to #cybersecurity doesn't understand the question.
💯This is also why cryptocurrencies will not replace the banking system. Those outside the #securityonepercent need institutions with phone numbers, offices, people, oversight and processes to handle problems. “Trust in technology” has been repeatedly shown to be trust misplaced.
This is very helpful and I applaud sharing this explanation. However, observe how it also exemplifies 1) #securityonepercent capabilities and 2) the inherent asymmetry of offense over defense. Consider all that must be committed to defense to make this investigation possible.
Let's quickly look at how Defenders can benefit from tools like Chainsaw, Sigma, docs from KAPE & Velociraptor, and Security Onion 🕵️♂️
We'll use real, shady data - fresh out the kitchen 🧑🍳
Along the way, I'll share some tips and shortcuts to cut faster through data and logs
🧵
I coined “prevention eventually fails” in 2003-4 because I saw highest-end adversaries achieve any goal they desired, given adequate resources & time. Let’s hope victims are either in the #securityonepercent or have access to that level of third party assistance eg @Mandiant etc.
Today we're publishing a detailed technical writeup of FORCEDENTRY, the zero-click iMessage exploit linked by Citizen Lab to the exploitation of journalists,
activists and dissidents around the world. https://t.co/RYsqpTHF5j
If you’re saying “but #log4j attacks my #NSM system,” I addressed that concern in my first book in 2004. I remember the exploits against Real Secure, Snort, various AV, etc. It’s cost-benefit, and if you’re #securityonepercent enough to have this problem, there are mitigations.
If your (admittedly #securityonepercent) blue team only acquires data for detecting a new vuln after your vendor updates their sigs or other code, you might want to reconsider your collection methods. #networksecuritymontoring is built to address what you don’t yet know is bad.
🤣 Just what the #securityonepercent might be able to use, while the 99% suffers, as always. Elements of offsec are so detached from the consequences of their actions that organizations should factor them into their risk models.
https://t.co/HQg2ZMbhXB

@DAlperovitch In other words, they are in the #securityonepercent per https://t.co/UqXzmLDZu2 and as a result can operate in a manner and support capabilities, generally offensive, which are net negative for the 99% https://t.co/E8Gg7l38Fv
It’s nice to see discussions of the concept of the #securityonepercent, and the consequences suffered by the other 99%, as we approach one year since I explicitly blogged about it: https://t.co/UqXzmLDZu2 Don’t forget the sequel either: https://t.co/E8Gg7l38Fv
Last year, one day after a “security researcher” released a PoC on GitHub, criminals used it to breach the Census Bureau. I’m not listening to anyone who blames the victim. It’s obvious PoCs like this are *net negative* for everyone. Only the #securityonepercent see any benefit.
Pls see my thought exercise post on the #securityonepercent for my related ideas. https://t.co/UqXzmLDZu2 We’re approaching one year since that post. Perhaps #infosec is slowly accepting my follow-on proposal: https://t.co/E8Gg7l38Fv
The sad truth about work is that 97% of the victims don’t have a blue team, no SIEM, no SOC and don’t monitor Twitter for new threats
They have an admin or IT service provider that manages users, mail boxes, installs printers & once in a while a new AV
Last Seen Hashtags on Sotwe
clearstone女仆装
Seen from United States
รุ่นนี้ไม่ทำให้ใครผิดหวัง
Seen from Thailand
MondayMotivation
Seen from Algeria
alphacouple video
Seen from Italy
DUDAEXIT
Seen from United States
nolimit()****** filter:videos
Seen from United Arab Emirates
자위
Seen from Korea
MonkeDemonz
Seen from United States
ensestarkadaş
Seen from Turkey
nolimit() filter:videos
Seen from Australia
Trends for you
Most Popular Users

Elon Musk 
@elonmusk
240.7M followers

Barack Obama 
@barackobama
119.2M followers

Donald J. Trump 
@realdonaldtrump
111.7M followers

Cristiano Ronaldo 
@cristiano
110.9M followers

Narendra Modi 
@narendramodi
107M followers

Rihanna 
@rihanna
97.7M followers

NASA 
@nasa
92.2M followers

Justin Bieber 
@justinbieber
91M followers

KATY PERRY 
@katyperry
87.8M followers

Taylor Swift 
@taylorswift13
81.7M followers

Lady Gaga 
@ladygaga
73.2M followers

Virat Kohli 
@imvkohli
70.2M followers

Kim Kardashian 
@kimkardashian
69.9M followers

YouTube 
@youtube
68.7M followers

Bill Gates 
@billgates
64M followers

Neymar Jr 
@neymarjr
62.9M followers

The Ellen Show
@theellenshow
62.4M followers

CNN 
@cnn
61.9M followers

Selena Gomez 
@selenagomez
60.9M followers

X 
@x
60.8M followers







