Ronnie Flathers @ropnop
security engr, pentester, researcher. i sometimes blog and code based on motivation/caffeine levels. Principal Security Engineer @Marqeta blog.ropnop.com Chicago Joined October 2013
Tweets 2K - Followers 6K - Following 910 - Likes 4K
Huge shoutout to @ropnop on this article blog.ropnop.com/talk/2020/dont… of SOP, CORS and CSRF. I don't know how many times I have referred to this blog to make sure I understand these concepts properly. Looking forward to more of these.🙌
🚧 AWS Perimeter Mod for @steampipeio An AWS perimeter checking tool that can be used to look for resources that are: * Publicly accessible * Shared with untrusted accounts * Have insecure network configurations + more github.com/turbot/steampi…
100% best group of attendees and conversations I’ve ever had at a con. So many great people it was awesome meeting you all!
Yes great talk!! Tons to unpack and think about how to “productive” security more
Brilliant talk from @coffeetocode on bonding security to developer productivity.
When it literally rains on your parade at @LocoMocoSec with @ropnop @SammyHep @ndm @h4ck3rky13 and @coffeetocode #stillHavingFun
Aloha @LocoMocoSec 😎 so excited to be here - have wanted to attend this con for a long time! Really looking forward to learning a lot, talking prodsec and meeting new friends. Anyone else gonna be here? And can’t wait to catch up @coffeetocode been too long!
So this is a bad/crazy idea right? Maybe? I hacked together a valid OpenPGP entity that uses AWS KMS backed signing and encryption keys. Idea was to use PGP without actually needing to handle key data or mess with gpgagent/pkcs11
Finally decided to post 10+ years worth of notes on using ldapsearch - it references great work from @ropnop @agsolino @harmj0y and @YuG0rd malicious.link/post/2022/ldap…
@KringleCon @edskoudis ready when you are :)
🥳🎉 We are happy to announce that sigstore is now an @theopenssf project! 🎉🥳
What's the current take on format preserving encryption (FPE)? I'm not super familiar with it, but the more I research it seems like it's probably not the best idea unless you *really really* have to?
Oh, this is neat! Seems like this will also lead to better experience developing in a multi-module monorepo with needing something like Bazel
Welp that wasn't too hard. Minisign's spec is pretty easy to implement. Can now minisign things with ed25519 keys stored in Vault (and eventually other kms's). Might opensource it if i can clean it up and generalize https://t.co/qBGan8dO3d
Let's try something different. The Infosec Industry is a hammer. byt3bl33d3r.substack.com/p/the-infosec-…
Before I go coding something new, has anyone used @HashiCorp Vault's transit engine with ed25519 keys to output minisign-compatible signatures? Seems like a great plug-in or feature to have, but I'm pretty sure it wouldn't be too difficult to wrap the vault api if I have to…
Is there a term for something like “security through obscurity” but for just “redundant security”, or controls that look good at first glance but ultimately don’t solve anything? E.g. hashing passwords client side in a web app before sending over HTTPS to a server
It's great to see GCP include code examples for app-layer, client-side encryption for data stored in MySQL, including how to use the AAD in AEAD to prevent malicious replacement of ciphertexts: cloud.google.com/sql/docs/mysql…
My company is hiring for several security roles (appsec, privacy, cloudsec) if you’re looking for a change! Awesome team and culture, and remote friendly. Come help me solve some really cool and interesting problems! Lmk if you wanna chat DMs open marqeta.com/company/career…
This type of cross-tenant attack against Azure's Cosmos DB is a great example of why you should want client-side, app-layer encryption in your services so that your datastores primarily store ciphertext of any sensitive data: wiz.io/blog/chaosdb-h…

Justin Elze @HackingLZ
65K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Dave Kennedy @HackingDave
224K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Pod. God + Family/Hacker/CSO/USMC/Intel/Fitness. Make the world a better place.
Adam Chester 🏴... @_xpn_
36K Followers 502 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOllCEu | Insta at https://t.co/PqR6CZPwjl
Mike Felch (Stay Read... @ustayready
17K Followers 2K Following Targeted Ops Red Team @ TrustedSec | Hacking since Renegade BBS backdoors | Prior CrowdStrike/BHIS | In Christ's grip | I speak for myself only | K1HAQ
Dirk-jan @_dirkjan
29K Followers 206 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Charlie Bromberg « ... @_nwodtuhs
15K Followers 652 Following Trying to hack the way we hack things 🏴☠️
mRr3b00t @UK_Daniel_Card
114K Followers 8K Following Department of Cyber WAR CEO of everyone's email servers!
JS0N Haddix @Jhaddix
167K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
n00py @n00py1
13K Followers 962 Following Retweeter of InfoSec/Offsec/Pentest/Red Team. Occasional blogger/Independent security research.
DirectoryRanger @DirectoryRanger
35K Followers 96 Following This account assembles and disseminates information related to Active Directory and Windows security.
rootsecdev @rootsecdev
26K Followers 1K Following Senior Security Consultant @TrustedSec | Military grade meme poster, researcher, cloud penetration tester, voider of warranties. My thoughts are my own.
Marcello @byt3bl33d3r
30K Followers 561 Following CyBeRsEcUrItY | Not afraid to put down with some THICC malware on disk | securing and breaking AI @PaloAltoNtwks | Ex @spacex
mpgn @mpgn_x64
18K Followers 230 Following Freebooter of the net ̿ ̿̿'̿'\̵͇̿̿\=(•̪●)=/̵͇̿̿/'̿̿ ̿ ̿ ̿ Podcast Hack'n Speak @hacknspeak / https://t.co/GyACSFg9mw
Dominic Chell 👻 @domchell
18K Followers 541 Following Just your friendly neighbourhood red teamer @MDSecLabs | Creator of /r/redteamsec | https://t.co/3k3EBAZqGd | https://t.co/KwO2OwDOkl
Filip Dragovic @filip_dragovic
7K Followers 1K Following My research unless stated otherwise. My opinions are my own and do not represent the views of my employer.
🥝🏳️🌈 Be... @gentilkiwi
62K Followers 286 Following A kiwi coding mimikatz & kekeo github: https://t.co/eS3LVgU6i0 Head of security services @banquedefrance Tweets are my own and not the views of my employer
Jason Lang @curi0usJack
16K Followers 201 Following @TrustedSec Red Team lead | Hi-Fidelity trolling | Privacy Enthusiast | Putting the "no" in nano | Avatar: https://t.co/3XHmKR8nCk
Cas van Cooten @chvancooten
10K Followers 673 Following Benevolently malicious offensive security enthusiast || OffSec Developer & Malware Linguist || NimPlant & NimPackt author || @ABNAMRO Red Team
Noah Kuzmish @kuzmish27391
0 Followers 278 Following
CryptoKingKa @manager9268
11 Followers 62 Following #coin8 #CEX #crypto #developer #marcketing #manager #football #future #trader
Kristian Starkloff @StarkesWeb
26 Followers 428 Following Interested in IT Security & Web Development
ilpa @0xIlpa
6 Followers 245 Following
mXgarweg @mXgarweg
0 Followers 121 Following
joe @joe1888881
1 Followers 347 Following
CanYouLearnAtWork @CanLearnWork
0 Followers 118 Following
Davvin @Davvin227212
17 Followers 677 Following
James Gomes @JamesGomes49402
157 Followers 3K Following
yy @n0_crew
0 Followers 119 Following
Norbert @NB1r0
64 Followers 3K Following
NoZe @N0ur2dd1n2
30 Followers 230 Following Building skills the world can’t see............ 🌍 |⏳CRTA⏳|
andrew roberts @andwrobs
168 Followers 506 Following software engineer, technology hobbyist • (re)posts about good software, infra, web, iOS, maps
Jertju @Jertju5411
24 Followers 1K Following
LucyBarrie @8exBfv59o34EIq6
60 Followers 2K Following
Keeamar @Keeamar62130
15 Followers 843 Following
Scott @he2xSxpgFN
0 Followers 567 Following
Ronak Agarwal @ronakgt
58 Followers 230 Following cofounder @ qard... msg me with something interesting!
Tim salvador @timsalvador
19 Followers 357 Following
Mario de Sousa Lima @MarioSousaLima
128 Followers 5K Following
Firef0x @G3suf4l
43 Followers 1K Following
dumiriumX617 @DuvalierMiaf
1 Followers 14 Following
L @BanuelosLe65169
1 Followers 81 Following
sp duck @gahl98
41 Followers 682 Following
GT @gaelletjat
3K Followers 836 Following Legitimately indifferent | Memento mori | Charlize, Gillian and Suranne are Bae. Free spirit. At the intersection between #Infosec , lavender and sports.
Diego Alliano @DiegoAlliano
12 Followers 1K Following
munish tyagi @munishtyagi20
16 Followers 346 Following Technical specialist, Active Directory, Entra ID
Carl Cox @CarlCox455173
1 Followers 77 Following
Ezra King @EKing53251
2 Followers 115 Following
טו מייטו @qv_mo
6 Followers 143 Following
AJ @RaviloAj
9 Followers 179 Following
Mohammad Almusilhi @DaRealMushi
0 Followers 2K Following
Florian Hansemann @CyberWarship
84K Followers 46 Following Father, Founder @HanseSecure, Pentesting, Student, ExploitDev, Redteaming, InfoSec & CyberCyber; -- Mastodon: https://t.co/KFSKYUN98M
Florian Roth ⚡️ @cyb3rops
207K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Nicolas Krassas @Dinosn
147K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
ippsec @ippsec
120K Followers 352 Following
b33f | 🇺🇦✊ @FuzzySec
33K Followers 1K Following Will / Antiquarian @ IBM X-Force / Team 501 / Ex-TORE ⚔️🦅 / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs
Binni Shah @binitamshah
141K Followers 165 Following Linux Evangelist, Malwares, Security enthusiast , Investor, Contrarian , Philanthropist , Reformist , Sigma female 🦋 https://t.co/WOvf41tMKV
Vincent Yiu @vysecurity
29K Followers 254 Following Director, Red Team, Offensive Security. Help organizations safeguard their businesses from the bad guys.
James Forshaw @tiraniddo
49K Followers 339 Following Security researcher in Google Project Zero. Author of Attacking Network Protocols. Tweets are my own etc. Mastodon: @[email protected]
Jeff Geerling @geerlingguy
79K Followers 5K Following Father, author, developer, maker. Sometimes called "an inflammatory enigma". #stl #ansible #k8s #raspberrypi #crohns #ostomy
Filippo Valsorda @fil... @FiloSottile
46K Followers 1 Following Cryptogopher / Go crypto maintainer / @kateconger-knower / RC F'13, F2'17 / #BlackLivesMatter / he+him https://t.co/ZE4RtJ1xqD / https://t.co/qfth7zr00W / https://t.co/j1grpEm8uR
Internal Tech Emails @TechEmails
583K Followers 882 Following Internal tech industry emails that surface in public records. 🔍
GitHub Security Lab @GHSecurityLab
26K Followers 15 Following GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.
fasterthanlime (find ... @fasterthanlime
31K Followers 353 Following hi, I'm amos! 🍃 they/them 🐿️ co-host of https://t.co/pBmj7XFdNi 🫐 teacher, video maker, software mercenary ✨ be kind, be curious
Coleen Coolidge ☀... @coleencoolidge
940 Followers 558 Following Pining for a Star-Trek future and leading Infosec. MY OPINIONS. Follow me=spoilers, hiring attempts, work-safe hugs💕 Let the sunshine in 🇹🇼
Leif Dreizler @leifdreizler
2K Followers 2K Following Eng Manager at @semgrep 💻 co-host of @404pod 🎙
Colleen @chaiidaii
129 Followers 57 Following Security professional 🐱💻. Previously at Semgrep, currently at Vanta. she/her 🏳️🌈
Steven Asifo @AsifoSays
813 Followers 688 Following InfoSec |Cyber Instructor | Organizer @LocoMocoSec | Comedian | Battle Rap Fanatic | #BlacksInTech | 🤙🏾Make it fun - Make it Easy.
Adam Schaal @clevernyyyy
898 Followers 750 Following AppSec @awscloud · Research · OSCP · CTFs · Speaker · Husband/Father · Founder: @_kernelcon_ and @defcon402 Organizer: @locomocosec
Joel M. Leo @joelmleo
352 Followers 526 Following Infosec/identity architect oth for my next role. Minmatar for the Winmatar. He/Him. My tweets are my own opinions. On Mastodon as @[email protected]
Sam Hepburn @SammyHep
1K Followers 923 Following (She/Her) Community @tessl_io 🟦, @virtualJUG leader ☕️, Steering for @DevoxxUK 👩💻 & OpenUK Advisor.
Person @ndm
2K Followers 14 Following
Dave Belcher @ukbelch
309 Followers 214 Following Cyber Security Swiss Army knife, veteran, Skydiver, Dogfather. Security Partner @ Big Tech. Sci/Tech geek. opinions are mine.
Travis McPeak @travismcpeak
3K Followers 1K Following Security, mgmt, startups, investing, 🏋️♂️, 🚵. Founder/CEO @Resourcely prev: @databricks, @netflix; He.
Zillow Gone Wild 🏡 @zillowgonewild
615K Followers 11 Following join the zillionaires 🏡. email me wild homes: [email protected]. Subscribe to the Zillow Gone Wild newsletter to never miss a wild home 👇
Dan Lorenc @lorenc_dan
11K Followers 2K Following OSS Supply Chain Security. Founder/CEO/Primary Ariba Admin at https://t.co/sGmuUU9JbG Sigstore: https://t.co/dWKlyYu6kv
David Trejo @dtrejo@i... @ddtrejo
564 Followers 104 Following Eng @ https://t.co/EAIj9F2lEW. Past clients @CreditKarma @Aconex @Triple_Byte @NeoInnovate @BrownCSDept @Voxer @Cloudera @VAVetBenefits. Opinions mine.
Baseball Pods @baseballpods
6K Followers 3K Following I'm Chris. I listen to a lot of baseball podcasts - mostly fantasy - and highlight the best stuff for you.
Daniel Bryant @danielbryantuk
15K Followers 3K Following Building platforms @Syntasso | News/Podcast @InfoQ | Web 2.0 coder, platform engineer, Java Champion, CS PhD | cloud/K8s, APIs, IPAs, running | learner/teacher
Colm MacCárthaigh @colmmacc
35K Followers 2K Following VP / Distinguished Engineer at Amazon Web Services. Also: Open Source and Apache, Cryptography, Irish Music, mediocre Photography.
Chainguard ⛓️ @chainguard_dev
6K Followers 117 Following The safe source for open source (& memes). Secure your software with zero CVE container images!
Joe Beda @jbeda
47K Followers 1K Following Semi-retired technologist. He/Him. Stepping away from Twitter. Signal: jbeda.99 Bluesky: https://t.co/lhuhgjKJbf
Kinnaird McQuade 💻... @kmcquade3
6K Followers 2K Following Chief Security Architect @BeyondTrust. Follow for AI, Hacking, Startups. Founded @NightVision_inc. Ex @Square, @Salesforce 🇵🇭🇺🇸
Crypto Bros Taking Ls @CoinersTakingLs
402K Followers 51 Following Documenting The Other Side Of Crypto | DM for Submission. 💬 | ran by @sociablebarely
sigstore @projectsigstore
4K Followers 1 Following sigstore is a non-profit , public good software signing service funded under the OpenSSF. https://t.co/HYGAJ06Z11 [email protected]
sinusoid @the_bit_diddler
2K Followers 2K Following
Jb Aviat @JbAviat
1K Followers 442 Following Democratizing security at @datadoghq. Former @SqreenIO CTO & co-founder. Former Apple security team. Kind.
Sophie, indistinguish... @SchmiegSophie
7K Followers 570 Following Leading Cryptography (ISE) at Google. Algebraic Geometer. All opinions are my own. Treasurer of the Oxford comma committee. @[email protected]
Justin Bui @slyd0g
4K Followers 345 Following I break computers and skateboards | red/blue/whatever let's make security better | Offensive Security @Snowflake | Prev @Zoom @SpecterOps
OpenSSF @openssf
6K Followers 29 Following Open Source Security Foundation (OpenSSF) https://t.co/uUpbn44G4Q Together, we're securing the #opensource ecosystem #OSSsecurity https://t.co/adjLU8dbk0
Darren Shepherd @ibuildthecloud
30K Followers 262 Following Building awesome agentic experiences. Co-Founder @Obots_ai Formerly @Rancher_Labs. k3s Creator. Member of The Church of Jesus Christ of Latter-Day Saints
the_storm @the_st0rm
4K Followers 948 Following Security Engineer @Meta, Ex @Lacework, @Deloitte, @SecForce_LTD. CTFer with LCBC, vulnerability researcher and exploit dev. Opinions are my own
Hella Secure @HellaSecure
703 Followers 426 Following Aaron Lord. He/Him. Coffee ☕️ secure code 💻 Metal 🤘🏻Games 🎮 Views are my own.
ray @Raybeorn
583 Followers 321 Following Life Coach, Conspiracy Theorist, and Absurdist. I do AppSec in my non-spare time for money. My opinions are now your opinions, but at least you are now right!
Xbox News @XboxNewswire
94K Followers 32 Following Your home for all things #Xbox, including Series X|S and Game Pass. Not affiliated with Microsoft or Xbox
Forrest Brazeal @forrestbrazeal
38K Followers 208 Following Purveyor of good tech things. prev. @google
Peter Winter-Smith @peterwintrsmith
6K Followers 3K Following Security researcher & implant developer @mdseclabs; developing SAST @wsastsupport; malware, code analysis, appsec, cryptography. Trying to follow Christ.