Your atypical security enthusiast | DFIR | Threat Hunting | Detection Eng | Insider Threat | Making content at The Blue Team Village | Opinions are my own.
@ImposeCost Nah, I've been giving coins at conferences for years. I remember sending one your way a few years back via @ItsReallyNick
I don’t get challenged that often but doesn’t matter. Ultimately, I make my coins and I get to choose how and to whom to give them!
There are individuals that you meet in your life that leave a mark, not just for their kindness & care, but for their humbleness & friendship. @d0ublebind is such an individual and more!
Please consider donating and send him lots of love ❤️
https://t.co/8OPT1rymZW
#FuckCancer
If you are looking for very skillful, knowledgeable, and great human beings for your Red Team, please consider @Salbei_ and @Micheal_merrill
I worked with them for many years and with confidence can say that your team will greatly improve with them!
@ImposeCost Doubt it, he is about to make lots of $$ with his WLFI business aided by the new crypto regulations with the creation of DOGE. He is a businessman first; we all know it.
Last year we used JuiceShop with a twist during our CTF. If you want to learn more about bug bounty and app security Juice Shop is a fun way to get started!
Join the shared User Day of @owasp #DSOMM and #JuiceShop on Sep 25th, the day before @appsecusa San Francisco 2024! The agenda includes intros, demos, workshops and even a live CTF:
https://t.co/B5Od0l6jHh
Register now on https://t.co/3eaGVveR2k because seats are very limited!
This, get familiar with your logs and how they can help you find this much more practical and likely scenario.
Then, have a documented plan on how to respond and mitigate!
For anyone worrying about this, I’d like to hear how you were already handling a near identical attack that didn’t require this vuln:
- steal Yubikey
- login
- returns key WITHOUT cloning it, because 1 session is enough for most objectives
Same attack flow.
If that wasn’t already part of your threat model, why is this?
If it was part of your threat model, how do your existing defenses not already handle the vuln? (I can think of a few, but none that apply to most of the people who are concerned)
This should change very little for most people.
@Cyb3rMonk Neither!
A detection needs to trigger as close as possible to real time and should be as high confidence as possible, anything else needs further review and/or tuning!
Just in case, not bashing on them. Things happen and we all learn from them. But it was a good opportunity to highlight the choice of words on the tweet. The report released lacks the details many of us were probably expecting, but is short and on point for what it is.
Great use of the word likely in context of an investigation for which data may not be conclusive. When not fully sure, likely is a good word to choose.
Their 2nd tweet tells the story, it was 2FA, the lack of it, plus “likely” an easy to guess password…
Kudos for the report!
We have finished our investigation into last week's Mandiant X account takeover and determined it was likely a brute force password attack, limited to this single account.
@jfslowik There is a great documentary on both Concorde & TU-144 detailing the espionage that took place & the failures by the RU
Unlike the TU-144, the Concorde demise is linked to 911. On 911 the revised, post accident Concorde flew 4 the 1st time. Upon landing the crew learned of 911!