Anti-cool-kid-hot-take:
Lots of ppl are super excited because bots can now expand posts and generate more content when “more content” wasn’t really the problem.
We need good ideas conveyed in fewer words, not more words automatically generated around the existing ideas.
#Netflix has unveiled the details of its new anti-#PasswordSharing policy, detailing a suite of complex gymnastics that customers will be expected to undergo if their living arrangements trigger @Netflix's automated enforcement mechanisms:
https://t.co/Kk5ANPumOs 1/
I just want to take a moment to thank Cisco and their researcher team for their transparency and for their willingness to address the issues I raised regarding part of their latest write up.
This response speaks to the integrity of their team and their commitment to the community
after today’s ruling, I don’t want to see any events or cons mentioning the words diversity or inclusion if they’re taking place in a state which does not guarantee abortion access.
doing so is now explicitly exclusionary against people with uteruses. support our rights or stfu.
Blue team folks... we have to talk.
It's awesome that you're logging. That's the first step. Now here's the cool stuff to look for that the vendor didn't tell you about.
1
Attack Surface Management and Attack Path Management: similar names, different solutions.
Read more about Attack Path Management here: https://t.co/BsOnGpYS1m
The challenge is to constantly push yourself to think about the specific question after the broad question.
"Is it malicious?"
"Did the attack succeed?"
"Was there lat movement/exfil/cred theft?"
All those questions are too broad to answer as they are stated. 11/
Check your assumptions with security logging. Are you actually getting the logs? In the format you expect? From the number of agents you have?
Alerts aren't enough; you need eyes-on periodically. A lot can go wrong.
Don't misunderstand me: TPM, UEFI, SecureBoot, VBS, attestation, etc. all these technologies are good - and I adopt/push them... really.
But this does not correspond to the reality of the mass of attacks encountered in the field
> Think about macros, script, wpad, ntlm relay...
TFW when the InfoSec community publishes information that your patch is broken and it takes you 2 days to create your own advisory, and then 1 more day to crib workarounds that they’ve already published, and then you keep getting parts wrong, and you still don’t have a patch out.
Thank you to all of the defenders watching the wires and cleaning up the messes this holiday weekend. It’s been a hell of a week already, and we’re just getting started.
There's often interesting public discussion about vendor detection tools and what they detect vs expectations. There's some interesting decision making that happens behind the scenes at these vendors when it comes to how they manage detection signatures. A thread... 1/
Within the ransomware hunting team, we often joke about what new "innovative" ways people will claim to be the next big fix for ransomware. One of these 8-year-old running gags kinda turned into a real recommendation recently: Changing your keyboard layout to Russian.
The indicators (yara, snort rules and hashes) from @FireEye are available in the @circl_lu @MISPProject OSINT feed in MISP format https://t.co/gr5w6z36uM