Great info. I would add 1) if a leet style code question comes out, really think about if that's the kind of place you want to be and 2) consider whether take home stuff has crossed into free work territory, you're interviewing not consulting.
Interested in interviewing in the Detection & Response field? I made an informational guide on how to approach interviewing to make all our lives easier ✨
https://t.co/tNq0KSZ2UI
@mzbat will be joining us on #brakeSecEd #twitch stream this weekend to discuss hiring... this thread is telling of the fuckery that is #infosec and #cybersecurity right now. https://t.co/GFqo37WZoO
https://t.co/LkCK7etQfy
https://t.co/wQSCqQOoAd
Hello to all the new folks! I had a blast presenting at this year's SANS Blue Team Summit & wanted to show off @MindsEyeCCF's amazing graphic of my talk!
In this thread I'll include detection opportunity pseudo-analytics I mentioned, and also link to additional resources! 🧵
6 months ago, I started working on a way to better map the #ransomware ecosystem and its evolution, including rebrands.🔎
I am really happy to share this handmade cartography, which is based on @orangecyberdef resources, #OSINT and reverse engineering.
➡️ https://t.co/cKK57AM07f
NEW in my series on the fundamental problems with age verification legislation: If platforms are required to have your government IDs and face scans, hackers and enemy governments can access them too https://t.co/iPWpFiEgSh
Why user enumeration is important --
We can think of a login attempt like this:
username + password = [successful login]
- At a large organization, we can be pretty sure that at least one account will have a weak or common password (Spring2023, Ilovemyjob2023!, etc).
- This makes it a problem of finding the right username rather than the right password.
So if we instead view the 'password' as a known value (within probably 100 passwords), we only have one variable to solve:
username + 'Spring@2023' = [successful login]
The username is the hard part to find, not the weak password, which we can assume exists in many (most?) AD environments.
If we can enumerate valid users, then we can reduce our list of attempted usernames per-spray from an order of 10,000,000+ to 1,000 or so. Password spraying 1,000 known valid accounts is much faster than 10m unknown. Enumeration is an investment on your password sprays. You invest time up front enumerating, and you are paid back with targeted, fast sprays down the line.
If we reach 100% user enum (improbable), what are the odds that at least one AD account has a bad password set, that falls in the top 100 most common passwords list?
The more time spent spraying, the more passwords an attacker can cycle through, and user enumeration is the key that allows them to do it in a timely manner. In a matter of months, an attacker could easily go through a top 500 passwords list with a targeted list of users. If user enumeration wasn't possible, it would increase the time investment of an attacker substantially, and likely render the attack unfeasible.
User enumeration doesn't have to exist. It's an unnecessary design choice.
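The two behaviours the thread describes, a source probing for which usernames exist and a source spreading a handful of passwords thinly across many known-valid accounts, both leave a recognizable shape in authentication logs. The following is an added example, not code from the thread's author, showing detection logic for both patterns. The log line format, the field names, the thresholds and the sample events are constructed for illustration and do not correspond to any real product's log schema.

```python
"""Detect username-enumeration and password-spray patterns in auth logs.

Two signals, following the reasoning in the thread above:
  * enumeration: one source probes many usernames and the service answers
    differently for unknown vs. known users (the oracle the thread warns
    about), so a burst of distinct "unknown_user" results from one source
    is suspicious;
  * spraying: one source tries a few passwords against many known-valid
    users, so per-user failures stay low while distinct users stay high.
Log format, thresholds and sample data are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed log format: "<ISO timestamp> src=<ip> user=<name> result=<outcome>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_events(lines):
    """Turn raw log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append({"ts": ts, "src": m["src"], "user": m["user"], "result": m["result"]})
    return events


def detect_enumeration(events, min_unknown_users=5):
    """Sources that triggered 'unknown_user' for many distinct names.

    Only possible when the service distinguishes unknown users from bad
    passwords; a uniform failure response removes this signal entirely.
    """
    unknown = defaultdict(set)
    for e in events:
        if e["result"] == "unknown_user":
            unknown[e["src"]].add(e["user"])
    return {src: len(users) for src, users in unknown.items()
            if len(users) >= min_unknown_users}


def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Sources whose password failures in one window spread thinly over many users."""
    by_src = defaultdict(list)
    for e in events:
        if e["result"] == "bad_password":
            by_src[e["src"]].append(e)
    flagged = {}
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it fits inside `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            per_user = defaultdict(int)
            for e in fails[start:end + 1]:
                per_user[e["user"]] += 1
            # Many users, few tries each: the spray signature, not a brute force.
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged[src] = len(per_user)
    return flagged


def analyze(log_text):
    events = parse_events(log_text.splitlines())
    return {"enumeration": detect_enumeration(events), "spray": detect_spray(events)}


# Constructed sample: 198.51.100.7 enumerates, 203.0.113.5 sprays a list of
# valid users, 192.0.2.10 is a real user mistyping a password twice.
SAMPLE_LOG = """\
2023-05-01T09:00:00Z src=198.51.100.7 user=adam.probe result=unknown_user
2023-05-01T09:00:01Z src=198.51.100.7 user=beth.probe result=unknown_user
2023-05-01T09:00:02Z src=198.51.100.7 user=carl.probe result=unknown_user
2023-05-01T09:00:03Z src=198.51.100.7 user=dana.probe result=unknown_user
2023-05-01T09:00:04Z src=198.51.100.7 user=erik.probe result=unknown_user
2023-05-01T09:00:05Z src=198.51.100.7 user=alice result=bad_password
2023-05-01T10:00:00Z src=203.0.113.5 user=alice result=bad_password
2023-05-01T10:01:00Z src=203.0.113.5 user=bob result=bad_password
2023-05-01T10:02:00Z src=203.0.113.5 user=carol result=bad_password
2023-05-01T10:03:00Z src=203.0.113.5 user=dave result=bad_password
2023-05-01T10:04:00Z src=203.0.113.5 user=eve result=bad_password
2023-05-01T10:05:00Z src=203.0.113.5 user=frank result=success
2023-05-01T11:00:00Z src=192.0.2.10 user=grace result=bad_password
2023-05-01T11:00:30Z src=192.0.2.10 user=grace result=bad_password
2023-05-01T11:01:00Z src=192.0.2.10 user=grace result=success
"""

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Note that the spraying source in the sample never produces an `unknown_user` result, which is exactly the thread's point: once valid usernames are known, the spray is quiet per account and the only remaining signal is the breadth of distinct users from one source. The thresholds here are deliberately low for the toy data; in production they are tuned against the organization's baseline of ordinary failed logins.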
@SiliconShecky It's very difficult. At some point, you can eyeball things fairly well. I switched from MFP to Lose It, and I actually like it better. Logging food is a PITA. If you aren't into specifics, I find just doing calories easier a lot of the time.
Today it was reported the United States has allocated $44,000,000 for their annual cyber defense budget.
They have successfully allocated enough funding to purchase VirusTotal Enterprise, a few RecordedFuture licenses, and have installed CarbonBlack on 4 computers
Finally published my methodology for implementing Microsoft Defender ASR rules
https://t.co/EYCdwtmyYn
I wrote it down over a year ago and modified it for my blog 6 months ago thinking I'd improve it. With kids, Alaska move, etc, it never happened... so feedback appreciated! :)
The eastern hognose snake will flatten its entire head to look like a cobra or flip belly-up and pretend to be slowly dying if you're looking for pointers on how to get out of a meeting just saying
The #LOLBAS project's website now provides automatically updated feeds containing all entries part of the project!
🆕 .JSON file with the project's data set as data objects
🆕 .CSV file with the project's data set, broken down by command
Check it out!
👉 https://t.co/mDyGq8ECoJ