H4cker, author of How to Hack Like a Pornstar https://t.co/VvRLVM6MUB & How to Hack Like a Ghost https://t.co/DXpFnQ3rYR
https://t.co/IrQjsNwxGV sparcflow.com · Joined February 2017
In security, doing the work is hard.
Proving you did the work to a skeptical auditor/regulator? 100x harder.
That’s why compliance devolves into checkboxes and process theater.
In a world of ever-smarter AI models, I don’t get MCPs.
Why build & maintain two APIs when the model can read the docs and call the one you already have?
The future belongs to smarter models, not more plumbing.
AWS tip: Use VPC Endpoints (vpce).
✅ Restrict IAM policies to your endpoint
✅ Spot attempts coming from outside your infra
✅ Save $$ on egress traffic
Protection + detection + cost reduction.
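Added example (not code from the original thread): the "restrict IAM policies to your endpoint" and "spot attempts from outside your infra" points as runnable Python. The first function builds an S3 bucket policy whose only statement is a Deny on every call that did not arrive through the named endpoint; the second scans CloudTrail records for calls on that bucket that lack the expected `vpcEndpointId`. The bucket name, endpoint id and CloudTrail records are constructed for illustration.

```python
"""Added example (not code from the original thread): restrict an S3 bucket to
one VPC endpoint and flag CloudTrail records that bypassed it.
Bucket name, endpoint id and the CloudTrail records below are constructed."""
import json

BUCKET = "example-internal-bucket"       # assumed bucket name
ALLOWED_VPCE = "vpce-0123456789abcdef0"  # assumed endpoint id


def vpce_only_bucket_policy(bucket, vpce_id):
    """Bucket policy that denies every S3 call not arriving via vpce_id.

    An explicit Deny overrides any Allow, and StringNotEquals evaluates to
    true when aws:sourceVpce is absent from the request context, so calls from
    the console, a laptop or any internet-routed path are denied as well.
    The same Condition block works in an identity (IAM) policy."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessViaVpce",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:sourceVpce": vpce_id}},
        }],
    }


def calls_outside_endpoint(records, bucket, vpce_id):
    """Return (eventName, principal, sourceIPAddress, vpcEndpointId) for every
    CloudTrail record on `bucket` whose vpcEndpointId is not the allowed one."""
    prefix = f"arn:aws:s3:::{bucket}"
    hits = []
    for rec in records:
        arns = [r.get("ARN", "") for r in rec.get("resources", [])]
        if not any(a.startswith(prefix) for a in arns):
            continue  # some other bucket
        if rec.get("vpcEndpointId") != vpce_id:
            hits.append((rec["eventName"],
                         rec["userIdentity"].get("arn", "?"),
                         rec.get("sourceIPAddress"),
                         rec.get("vpcEndpointId")))
    return hits


# Constructed CloudTrail S3 data events, trimmed to the fields used above.
SAMPLE_RECORDS = [
    {"eventName": "GetObject", "sourceIPAddress": "10.0.12.34",
     "vpcEndpointId": ALLOWED_VPCE,
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0abc"},
     "resources": [{"type": "AWS::S3::Object", "ARN": f"arn:aws:s3:::{BUCKET}/data/report.csv"}]},
    {"eventName": "ListObjects", "sourceIPAddress": "203.0.113.77",   # no endpoint at all
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/leaked-key-user"},
     "resources": [{"type": "AWS::S3::Bucket", "ARN": f"arn:aws:s3:::{BUCKET}"}]},
    {"eventName": "GetObject", "sourceIPAddress": "10.9.9.9",
     "vpcEndpointId": "vpce-0fedcba9876543210",   # an endpoint in someone else's VPC
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/leaked-key-user"},
     "resources": [{"type": "AWS::S3::Object", "ARN": f"arn:aws:s3:::{BUCKET}/data/report.csv"}]},
    {"eventName": "GetObject", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/other"},
     "resources": [{"type": "AWS::S3::Object", "ARN": "arn:aws:s3:::unrelated-bucket/x"}]},
]

if __name__ == "__main__":
    print(json.dumps(vpce_only_bucket_policy(BUCKET, ALLOWED_VPCE), indent=2))
    for hit in calls_outside_endpoint(SAMPLE_RECORDS, BUCKET, ALLOWED_VPCE):
        print("outside endpoint:", hit)
```

Two practitioner caveats: a Deny with `Principal: "*"` also locks out your own console and CLI sessions that are not routed through the endpoint, so test it on a scratch bucket first; and the detection side only works if S3 data events are actually enabled in CloudTrail, since management-only trails never see `GetObject`.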
Cybersecurity isn’t just about walls, it’s about funnels.
Good hardening doesn’t block everything, it forces attackers down a path you control.
That path should be full of traps.
Replace CEO with CISO and CFO/Marketing with Compliance and it would be perfectly true for Cybersecurity as well... or any field for that matter. Can’t lead and consistently build decent strategies without care and expertise.
Insane because Microsoft uses a tool like dnstwist to find lookalike domains in Defender for Office 365... but you have to pay for it
The good news is this tool is FREE, so everyone can and should monitor for lookalike domains:
dnstwist.itgithub.com/elceef/dnstwist
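Added example (not part of the original thread, and not dnstwist's own code): a small typosquat generator in the spirit of dnstwist's fuzzers, matched against a constructed list of observed domains that stands in for a certificate-transparency or passive-DNS feed. It shows what "monitoring for lookalike domains" actually computes: generate the permutation set for your domain, then look for any of them showing up registered or in certificates. Real monitoring would use dnstwist's far larger permutation set (including IDN homoglyphs) and resolve each candidate for A/MX records; the monitored domain here is the author's sparcflow.com, the observed list is made up.

```python
"""Added example (not dnstwist's code): minimal lookalike-domain generation and
matching. The OBSERVED feed below is constructed for illustration."""

# Single-character lookalikes an attacker would substitute.
HOMOGLYPHS = {
    "a": ["4"], "e": ["3"], "i": ["1", "l"], "l": ["1", "i"],
    "o": ["0"], "s": ["5"], "g": ["q"], "m": ["rn"], "w": ["vv"],
}
ALT_TLDS = ["com", "net", "org", "co", "io", "info"]


def split_domain(domain):
    """'sparcflow.com' -> ('sparcflow', 'com'); assumes a label.tld form."""
    label, _, tld = domain.lower().strip().rpartition(".")
    return label, tld


def permutations(domain):
    """Lookalike candidates: omission, repetition, transposition,
    homoglyph substitution, hyphenation and TLD swap."""
    label, tld = split_domain(domain)
    labels = set()
    for i in range(len(label)):
        labels.add(label[:i] + label[i + 1:])                  # omission
        labels.add(label[:i] + label[i] + label[i:])          # repetition
        for g in HOMOGLYPHS.get(label[i], []):                # homoglyph
            labels.add(label[:i] + g + label[i + 1:])
    for i in range(len(label) - 1):                           # transposition
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(1, len(label)):                            # hyphenation
        labels.add(label[:i] + "-" + label[i:])
    names = {f"{l}.{tld}" for l in labels if l and l != label}
    names |= {f"{label}.{t}" for t in ALT_TLDS if t != tld}   # TLD swap
    names.discard(f"{label}.{tld}")                           # never flag ourselves
    return sorted(names)


def find_lookalikes(domain, observed):
    """Intersect the candidate set with domains seen in a feed
    (normalised to lowercase, trailing dot removed)."""
    candidates = set(permutations(domain))
    seen = {d.lower().strip().rstrip(".") for d in observed}
    return sorted(candidates & seen)


# Constructed stand-in for a CT-log / passive-DNS feed.
OBSERVED = ["sparcfl0w.com", "SPARC-FLOW.com.", "sparcflow.com",
            "unrelated.org", "sparcflow.net"]

if __name__ == "__main__":
    print(len(permutations("sparcflow.com")), "candidates generated")
    for hit in find_lookalikes("sparcflow.com", OBSERVED):
        print("lookalike seen in feed:", hit)
```

The design choice worth noting is that the candidate set is generated once and kept small enough to compare cheaply against every new feed entry; dnstwist adds DNS resolution, MX lookup and page fingerprinting on top of this, which is what turns "registered" into "actively used for phishing".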
The most powerful security principle I know: defense in depth, i.e. at least two or more security layers on any threat path.
* Password + MFA for employees
* Bearer/OAuth token + IP whitelisting
* WAF + Static code analysis + rootless prod environment
* VPN + app authentication…
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
Let’s talk about npm and package registries. How do you deal with infected dependencies?
* L1: dependabot/renovatebot to wait 7 days before pulling a release
* L2: disable lifecycle scripts if possible
* L3: CI running in a tight env with egress filtering, auditd/falco, job…
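Added example (not code from the original thread): the checks behind layers L1 and L2 as a runnable script. Release-age gating reads the `time` map of a registry packument (the JSON the npm registry returns per package, mapping each version to its publish time, alongside `created`/`modified`); lifecycle detection walks `node_modules` for packages that declare `preinstall`/`install`/`postinstall`; and a last helper confirms `.npmrc` actually sets `ignore-scripts=true`. The packument, the package tree and the `.npmrc` text are constructed for the example.

```python
"""Added example (not from the original thread): release-age gating (L1) and
install-hook detection (L2) for npm dependencies, against a constructed fixture."""
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone

MIN_RELEASE_AGE = timedelta(days=7)                       # L1: wait before adopting a release
INSTALL_HOOKS = ("preinstall", "install", "postinstall")  # run automatically on `npm install`
NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)   # fixed clock so the example is deterministic


def release_old_enough(packument, version, now=NOW, min_age=MIN_RELEASE_AGE):
    """True if `version` was published at least min_age before `now`."""
    stamp = packument["time"][version].replace("Z", "+00:00")
    return now - datetime.fromisoformat(stamp) >= min_age


def newest_safe_version(packument, now=NOW, min_age=MIN_RELEASE_AGE):
    """Most recently published version that has already aged past min_age."""
    aged = [(t, v) for v, t in packument["time"].items()
            if v not in ("created", "modified")
            and release_old_enough(packument, v, now, min_age)]
    return max(aged)[1] if aged else None


def packages_with_install_hooks(node_modules):
    """(name, [hooks]) for every package.json under node_modules declaring an install hook."""
    found = []
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" not in files:
            continue
        with open(os.path.join(root, "package.json"), encoding="utf-8") as fh:
            meta = json.load(fh)
        hooks = [h for h in INSTALL_HOOKS if h in meta.get("scripts", {})]
        if hooks:
            found.append((meta.get("name", root), hooks))
    return sorted(found)


def ignore_scripts_enabled(npmrc_text):
    """L2: does this .npmrc disable lifecycle scripts for every install?"""
    for line in npmrc_text.splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip() == "ignore-scripts":
            return value.strip().lower() == "true"
    return False


# --- constructed fixture ---------------------------------------------------
PACKUMENT = {
    "name": "example-helper",
    "time": {
        "created": "2024-06-01T00:00:00.000Z",
        "1.0.0": "2024-12-01T09:00:00.000Z",   # 45 days old: fine
        "1.0.1": "2025-01-15T10:30:00.000Z",   # 90 minutes old: too fresh to trust
        "modified": "2025-01-15T10:30:00.000Z",
    },
}


def build_fixture():
    """Create a throwaway node_modules with one clean and one hooked package."""
    base = tempfile.mkdtemp(prefix="nm-")
    pkgs = {
        "left-pad-ish": {"name": "left-pad-ish", "version": "1.0.0"},
        "example-helper": {"name": "example-helper", "version": "1.0.1",
                           "scripts": {"postinstall": "node setup.js"}},
    }
    for name, meta in pkgs.items():
        pkg_dir = os.path.join(base, "node_modules", name)
        os.makedirs(pkg_dir)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(meta, fh)
    return os.path.join(base, "node_modules")


if __name__ == "__main__":
    print("newest aged release:", newest_safe_version(PACKUMENT))
    print("packages with install hooks:", packages_with_install_hooks(build_fixture()))
    print("ignore-scripts set:", ignore_scripts_enabled("ignore-scripts=true\n"))
```

In practice L1 is a one-line bot setting (Renovate's `minimumReleaseAge`, e.g. `"7 days"`) and L2 is `ignore-scripts=true` in `.npmrc` or `npm ci --ignore-scripts`; the hook scan above is for finding which packages break when you flip that switch, since native-module builds are the usual reason L2 is only "if possible".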
SOC should spend more time on detection engineering and SIEM tuning than on treating alerts. Yet somehow we normalized an army of juniors treating noise 24/7 and then wonder why they missed that one signal that one time.
Biggest snake oil business in Cybersecurity : training and awareness.
* You learn nothing new (people click on links, duh).
* Proposed countermeasures do not work (can’t learn digital forensics in 2h a year).
* Mandated by many regulations so nobody questions it anymore
And the…
Passkey/webauthn truly work as a mitigation against credential phishing only when 100% enforced with no alternatives.
Can’t work at scale in customer oriented saas because of the obvious UX issues. But in an enterprise environment ? There is no excuse not to enforce it…
Almost every Cybersec budget disagreement is, at its core, a Risk appetite or Risk perception disagreement.
And that’s okay. Go where your perception is aligned with that of the execs.