Check out https://t.co/AWCYTCFBh5 - we want to crowdsource a list of vendors who don't prioritize high quality, widely available audit logs. We started with a list of apps we're focused on but happy to take issues/PRs for logs you're focused on: https://t.co/9nmVI91p6z
🧵 Have you ever been trying to ingest audit logs as a security engineer and been frustrated by the quality and cost of the logs?
Well so were @shellcromancer and I, so here's an attempt to get them to prioritize the security engineer as a core customer: https://t.co/X2zKuuDQjW
I wanted to address the speculation about the recently introduced Device Bound Session Credentials (DBSC) security feature in Google Chrome.
Does it help increase the security of session cookies against infostealer malware and MFA phishing?
The feature has been available and enabled by default since the Chrome 146 update (April 2026), if you're running Windows with a hardware-backed TPM security module (macOS support is coming in future updates).
DBSC allows the browser to upgrade session cookies from long-lived to short-lived, requiring the browser to refresh them approximately every 10 minutes to maintain access to the user's account.
> Does DBSC prevent account takeover by threat actors using a stolen session cookie obtained from the user's browser via infostealer malware?
Yes (kind of). The extracted session cookie will be valid for up to 10 minutes from the time it is extracted. The attacker will be unable to maintain long-term access to the user's account. Still, the timeframe may be sufficient, for example, to exfiltrate the inbox if the attack is automated. The attacker cannot refresh the short-lived session cookie because it requires the private key (stored in the TPM) assigned to the account to sign the challenge. The malware cannot access the private keys stored in the TPM.
> Does DBSC prevent account takeover by threat actors during a phishing attack?
No. Servers need to provide legacy support for the browsers that do not yet support DBSC. By default, the server registers and sends a long-lived session cookie to the browser. If the server supports DBSC, it will announce the DBSC API endpoint URL in the `Secure-Session-Registration` HTTP header of the response packet that contains the long-lived session cookies.
Only after the short-lived session cookie is registered via the DBSC API endpoint is the long-lived session cookie invalidated.
When the attacker removes the `Secure-Session-Registration` HTTP header retrieved from the server during a phishing attack, the browser will continue using long-lived session cookies and assume the server does not support DBSC. In short, removing that HTTP header while proxying traffic during a phishing attack allows the attacker to maintain long-term access to the user's account using the stolen long-lived session cookie.
I hope I've managed to clear up some confusion.
On a related note, you will soon be able to simulate phishing attacks against Google Workspace accounts (and other websites) that bypass DBSC and MFA protections using Evilginx Pro with the Phishlets 2.0 update.
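To make the two answers above concrete from the defender's side, here is a toy model of the session lifecycle the thread describes. It is an added example, not code from the thread's author, from Chrome, or from Google: HMAC with a per-device secret stands in for the TPM-held private key and the server-held public key of the real protocol, the endpoint path, cookie lifetimes and all class and function names are assumptions, and the `unbound_sessions` check is an illustrative server-side idea rather than part of DBSC.

```python
"""Constructed model of a DBSC-style session lifecycle. HMAC with a per-device secret
stands in for the TPM private key / server public key; endpoint path, TTLs and helper
names are assumptions, not Chrome's or Google's implementation."""
import hashlib, hmac, secrets
from dataclasses import dataclass
from typing import Callable, Optional

LONG_LIVED_TTL = 30 * 24 * 3600       # legacy cookie lifetime (constructed: 30 days)
SHORT_LIVED_TTL = 10 * 60             # DBSC cookie: refreshed about every 10 minutes
REGISTRATION_HEADER = "Secure-Session-Registration"
REGISTRATION_PATH = "/dbsc/register"  # assumed endpoint path


@dataclass
class Session:
    user: str
    expires_at: float
    issued_at: float
    key_id: Optional[str] = None      # set once a device key is bound (short-lived cookie)


class Server:
    def __init__(self) -> None:
        self.sessions: dict[str, Session] = {}
        self.device_keys: dict[str, bytes] = {}   # key_id -> verifier (stand-in for a public key)
        self.challenges: dict[str, bytes] = {}

    def _issue(self, user: str, now: float, ttl: float, key_id: Optional[str]) -> str:
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = Session(user, now + ttl, now, key_id)
        return cookie

    def login(self, user: str, now: float) -> dict[str, str]:
        """Long-lived cookie first; the header tells a DBSC browser where to register."""
        cookie = self._issue(user, now, LONG_LIVED_TTL, None)
        return {"Set-Cookie": f"session={cookie}", REGISTRATION_HEADER: REGISTRATION_PATH}

    def register(self, cookie: str, key_id: str, verifier: bytes, now: float) -> str:
        """Bind a device key and swap the long-lived cookie for a short-lived one."""
        old = self.sessions.get(cookie)
        if old is None or old.expires_at <= now:
            raise PermissionError("no valid session to register")
        del self.sessions[cookie]                 # long-lived cookie is invalidated only here
        self.device_keys[key_id] = verifier
        return self._issue(old.user, now, SHORT_LIVED_TTL, key_id)

    def challenge(self, cookie: str) -> bytes:
        self.challenges[cookie] = secrets.token_bytes(16)
        return self.challenges[cookie]

    def refresh(self, cookie: str, signature: bytes, now: float) -> str:
        """Extend a short-lived session only if the bound key signed the outstanding challenge."""
        sess, nonce = self.sessions.get(cookie), self.challenges.pop(cookie, None)
        if sess is None or sess.key_id is None or nonce is None:
            raise PermissionError("session not key-bound or no challenge issued")
        expected = hmac.new(self.device_keys[sess.key_id], nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            raise PermissionError("challenge signature does not verify")
        del self.sessions[cookie]
        return self._issue(sess.user, now, SHORT_LIVED_TTL, sess.key_id)

    def authorize(self, cookie: str, now: float) -> Optional[str]:
        sess = self.sessions.get(cookie)
        return None if sess is None or sess.expires_at <= now else sess.user

    def unbound_sessions(self, now: float, grace: float) -> list[str]:
        """Illustrative server-side check, not part of DBSC: long-lived sessions that were
        offered registration but never bound a key within `grace` seconds. A client that
        never registers is what the header-stripping proxy described above looks like."""
        return [c for c, s in self.sessions.items() if s.key_id is None and now - s.issued_at > grace]


class Device:
    """Browser plus TPM: the key never leaves this object; only the cookie can be stolen."""
    def __init__(self, key_id: str) -> None:
        self.key_id, self._key = key_id, secrets.token_bytes(32)
        self.cookie = ""

    def login(self, server: Server, now: float,
              on_path: Callable[[dict[str, str]], dict[str, str]] = lambda h: h) -> None:
        headers = on_path(server.login("alice", now))   # on_path models whatever sits in between
        self.cookie = headers["Set-Cookie"].split("=", 1)[1]
        if REGISTRATION_HEADER in headers:              # no header -> browser assumes no DBSC
            self.cookie = server.register(self.cookie, self.key_id, self._key, now)


def stolen_short_lived_cookie() -> tuple[bool, bool, bool]:
    """Infostealer case: cookie copied after registration; the key stays in the TPM."""
    server, device, t0 = Server(), Device("tpm-key-1"), 1_000_000.0
    device.login(server, t0)
    stolen = device.cookie
    valid_now = server.authorize(stolen, t0 + 60) == "alice"
    valid_later = server.authorize(stolen, t0 + 11 * 60) == "alice"
    server.challenge(stolen)
    try:                                   # holder of the cookie alone cannot answer the challenge
        server.refresh(stolen, b"\x00" * 32, t0 + 60)
        refreshed = True
    except PermissionError:
        refreshed = False
    return valid_now, valid_later, refreshed


def header_stripped_login() -> tuple[bool, int]:
    """Phishing-proxy case from the thread: the registration header never reaches the browser."""
    server, device, t0 = Server(), Device("tpm-key-2"), 1_000_000.0
    device.login(server, t0, lambda h: {k: v for k, v in h.items() if k != REGISTRATION_HEADER})
    still_valid_days_later = server.authorize(device.cookie, t0 + 7 * 24 * 3600) == "alice"
    return still_valid_days_later, len(server.unbound_sessions(t0 + 15 * 60, grace=5 * 60))
```

`stolen_short_lived_cookie()` returns `(True, False, False)`: the copied cookie works within its ten-minute window, is dead afterwards, and cannot be refreshed without the device key. `header_stripped_login()` returns `(True, 1)`: with the header gone the browser never registers, the long-lived cookie stays valid for days, and the only signal the server has is a session that was offered registration but never bound a key, which is what the illustrative `unbound_sessions` check surfaces.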
I don’t even think any major MDM provider has purpose built configuration for Passkey Attestation? Don’t see a way to do it at all with Iru.
Might work with custom declaration profiles in Jamf and Fleet 🤔
This. Apple released Declarative Device Management in 2021, then in 2023 they released enterprise passkey attestation to prove a passkey registration comes from a managed device. Only way you can do it is with DDM…
But Apple Business MDM from 2026 doesn’t support DDM :(
So Apple now has its own MDM "Apple Business". I would've expected it to use all the modern new Apple features like Managed Device Attestation for enrollment and Declarative Device Management.
But nope. It's just shitty Configuration Profiles + SCEP
The industry has seen an unprecedented wave of supply chain attacks over the past few months. That's why we built Bumblebee, a lightweight security scanner that continuously monitors endpoints and hunts for malicious packages.
Bumblebee has been a critical asset in keeping @perplexity_ai secure, and we're thrilled to open source it for everyone.
We're also using Perplexity Computer to monitor public threat intelligence feeds in real time and update the Bumblebee repo as new threats emerge. Excited to share this with the community!
@Cloudflare Zero Trust should add examples on how to enforce Anthropic Tenant Restrictions [1] with Cloudflare Gateway 👀
Seems like it's possible with Gateway Tenant Control [2] policies but not in either Cloudflare or Anthropics docs
cc @Encore_Encore @dok2001
@cramforce Eager for it to move from Windows to macOS. Will be huge if @webkit & @mozilla can agree to ship.
Other browser engine tracking issues linked here: https://t.co/xmLKgSXrqm
🚀 Big news: Socket has acquired Secure Annex.
John @tuckner is joining the team, and we’re excited to expand our coverage across browsers, code editors, and AI tools.
Read more → https://t.co/QqMNrnRfXO
Today we're announcing that @secureannex has been acquired by @SocketSecurity! Supply chain security is a deceptively wide problem from open source code to browser extensions. Developers and IT teams can't stop it from impacting their organization alone.
https://t.co/kePpldpa6A
@chenliw Yes! The admin knob is @ https://t.co/exIw4IJt4q
End-users can "Request Access" in the blocked page during the consent flow. Without a custom Activity rule in Alert Center no one is getting alerts when users ask for apps. 🤦♂️
Is it expected that Google Workspace admins don't even get notifications when users request apps? Seems incredibly silly there is no notification mechanism for this...
Pretty easy to make an Alert Center rule but these sort of things should be on by default!
Spent my Sunday evening doing this - recommended for all Google workspace admins!
Also go to https://t.co/k39FV311gx, select OAuth log events, to see what else is getting rejected. Can pull OAuth client IDs from the logs to allowlist.
Google should really make this easier!
We at @cotoolai are stoked to announce our $7.4m fundraise from @a16z .
Offensive cyber operations are now JIT code; we started Cotool to give defenders their leverage back.
Grateful to everyone who took the bet early, especially @koomen @garrytan @MaikaThoughts @zanelackey.
Today we're introducing @usefiretiger. You and your AI agents write code. Firetiger makes sure it works.
Our team and I have plenty of incident war stories building @Cloudflare, @segment, @Twitch. In the agentic coding era, the volume of code changes + quality issues in prod is ever increasing, but observability vendors aren't incentivized to close the gap. They make money when you write more data to them, not when your software actually works.
Firetiger is the agentic operations layer for the agentic coding era. We combine production observability data, codebase understanding, and knowledge of your business to find problems before your customers do and fix them before they notice.
We've raised $7.6 million led by @sequoia with participation from angels who believe in better software, including @eastdakota, @calvinfo, @NicoRosberg, @dok2001, @jeffawilke, and @alanaagoyal.
You can sign up for @usefiretiger today, self-serve. We charge for agents that directly make your software better and more reliable, not for observability data ingested, with plans starting at $599/month.
Observability is dead. Long live outcome engineering.