Let's not mince words:
* If you don't support trans people, you're a bad human
* If you have to add caveats to your support (e.g. "as long as my kids don't see"), you're one of the worst kinds of human
* Trans deserve your *unconditional* support for their humanity
Dear app developers,
I have never had the desire to review an app. Prompting me to leave a review does not make me want to do it any more. Making me click multiple times to dismiss your "nudge" and get back to using the app just makes me want to uninstall it.
Sincerely,
Every smartphone user ever
This is absolutely amazing. This non-profit printed out the Epstein files (at least those released to date) and made a reading room that they're bringing to DC.
Totals 3437 printed and bound volumes. I donated to keep this very important project going.
https://t.co/gIn9HISzSt
@techspence @MalwareJake did a talk 10 years ago about similar priv esc on Linux using cron, scripts with weak permissions, etc. Always useful and often forgotten about. I still go back to it every once in a while https://t.co/XWUhGW4gtj
ZOMG after I wrote this about another app while on hold with a customer service rep, I got off the call and Google asked me to review the *phone app* - an application that I cannot uninstall - on a Pixel, their own freaking hardware.
The Jetsons promised me robots and flying cars, not this...
ai layoffs are getting out of hand so I built "I GOT FIRED" button
one click, and it makes entire company codebase public, pushes .env secrets to public repo, drops staging db and finally notifies my lawyer
I hope I never need it but it's ready
I wrote this in response to a reply, but wanted to share it more generally. Many years ago, when I was starting in security, I was involved in a situation with a podcast where I was being mistreated in a very gendered way. Literally, the man who had done the same thing faced zero consequences, whereas I was banned from the premises and no longer allowed to work on the show. @strandjs was the only person involved who stood up for me, and even pointed out the gendered discrimination of it all. That meant a lot to me.
Hey infosec folks, if you don't mind... can you give this a read?
I still have mad respect for @shenetworks
I still have mad respect for @BHinfoSecurity
Two things can both be true.
I'd like to share some info about my departure from BHIS
🧵
Yea, I'm less willing to assume someone was trying to hurt anyone, more the ball was dropped somewhere and legal needed a cop out.
People were likely harmed due to bureaucratic nonsense and unfulfilled paperwork adjustments. Not a good look for anyone, worthy of a reputational hit when it happens.
Which is why testimony like this is needed. Getting folks to stop assuming bad intentions, like myself, is going to require this kind of input.
I've seen some of the things behind the scenes that John and BHIS have done for employees over the years.
FAR above and beyond most firms even multiple times their size. I know several employees John bent over backwards to accommodate who would have been released anywhere else.
There has been a lot of talk about BHIS and our maternity and employment policies.
Please check out the following site for more details.
https://t.co/guIv8SkZV5
Thanks!
A marketing director discovered that P1 Critical tickets have a 15-minute response SLA.
He started logging all his routine tickets as P1.
Yesterday he submitted a P1 because his wireless keyboard needed new batteries.
According to our enterprise SLA, P1 incidents require an immediate, continuous all-hands bridge call until resolution.
He submitted the ticket at 11 PM.
I initiated the emergency bridge.
Our automated system dialed his cell phone, his desk phone, and his emergency contact.
It woke up his wife.
He joined the call in a panic, asking what was on fire.
I told him we were assembled to resolve his critical keyboard outage.
I asked him to describe the battery compartment.
He hung up.
Our SLA policy states that if the user disconnects from a P1 bridge, we must call them back immediately.
I called him back.
He asked me to downgrade the ticket.
I told him P1s can only be downgraded after a post-incident root cause analysis.
He buys his own batteries now.
@CapitalOne called to "verify my information" and then got belligerent when I wouldn't. I asked for a publicly verifiable phone number I could call, instead they gave me an 800 number not on any Capital One website. But somehow *this* is on Capital One's website. Please make it make sense...
Tired of phishing? Not getting results with brute force?
Just exploit a mid-tier app role, add a federated domain, forge a SAML token, and you're a Global Admin.
This is the Entra ID attack path that should be keeping security teams up at night.
Full breakdown on the Hunter Strategy blog: https://t.co/N0qyngu3Lp
#EntraID #IdentitySecurity #CyberSecurity #InfoSec
Sad to see an org I was so involved with for so many years taking nearly $500k in blood money from ICE. Seriously disappointed with @SANSInstitute today.
I get that the economy is bad and sales are hurting. But taking money from ICE is *a choice*.
https://t.co/6qHotBZWC5
@c7five @SANSInstitute There's a world of difference between "picking a fight" by refusing registration from ICE and pursuing the award of a sole source contract.