Discover and read the best of Twitter Threads about #InfoSec

Most recents (24)

With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager.
The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone
Technically, everytime a user is launching the app, a HTTP server is started. This server is opening locally the port 59777. On this port, an attacker can send a JSON payload to the target
You can find the proof of concept on this Github repo github.com/fs0c131y/ESFil…
Read 11 tweets
Just before Christmas we looked at #Hamilton68 accounts who focus on Russian geopolitics and how they were stoking the #giletsjaunes conflict in France. We noticed a new hashtag #integrityinitiative (red arrow) .. #infosec #osint #opsec
We didn't think much about this over the holidays but revisited it in early January 2019. Turns out the the #integrityinitiative had become even more prominent and prompted additional research .. #infosec #osint #opsec
We did a hoaxy analysis of the #integrityinitiative hashtag on January 5th and noticed two major nodes of well-known #Hamilton68 accounts .. @Ian56789 and @ShoebridgeC ... #infosec #osint #opsec
Read 10 tweets
The one often overlooked vulnerability in your threat model: you.

A thread.
There was an evening twitter discussion with @CharlesDardaman and @ravici yesterday about the reality of the threat of furloughed federal workers getting flipped by foreign adversaries.
@CharlesDardaman @ravici I think it needs to be part of the Fed's threat model now, since the Fed is telling them to hold garage sales to make ends meet.
Read 10 tweets
Second cache of 9/11 docs released by The Dark Overlord hackers rt.com/usa/448416-hac…#september11 #DarkOverlord #TheDarkOverlord #ITsec #ITsecurity #IsraelDid911
According to @Forbes, the cybercrime group known as #TheDarkOverlord has acquired 18,000 documents, many of which are related to the 9/11 events, and are demanding #bitcoin ransom in return for the data. #DarkOverlord
forbes.com/sites/thomasbr…
Read 24 tweets
A fascinating thread ...dont think 4 a minute that the only propaganda / misinformation campaigns come from Russia ... there are plenty of domestic operations going on right now. In this case a Wall Street Hedge Fund manager posing as a #Bernie2020 acolyte
As @HoarseWisperer alertly posted, this Hedge Fund manager is running a disinfo / troll campaign against @ewarren and her supporters. If ur reasonably intelligent, I think you can figure out why a wallstreet Hedge Fund manager might be behind promoting #Bernie2020 #infosec
No idea right now how much of the "we want Bernie" tweets to @ewarren are from trolls, cyborgs and bots. Guessing like ourselves lots of other groups are scrambling to collect the data for analysis. #infosec #opsec #osint
Read 8 tweets
The alt-right is in an interesting quandary. They want 2 argue #projectbirmingham, a small social media disinfo experiment by a handful of Dem activists affected the outcome in Alabama Senate race ...but not social media disinfo efforts by Russia, a nation state in 2016? #psyops
Some background on #projectbirmingham .... if everything from the original NYT story is true about this domestic disinfo campaign against #RoyMoore then yes I am against this as much as I am against what Russia did in the 2016 elections. #infosec #ALsen
NEW: This is a strong denial from the New Knowledge CEO Jonathan Morgan, including the part about the creation of fake Cyrillic Russian bots ... so someone has some explaining to do #ProjectBirmingham #infosec
Read 11 tweets
I've been tagged in quite a few #FF today, and as it's the last Follow Friday of the year, I wanted to take a sec to chat about social media as it relates to #infosec and #threatintel.

Kind of like a year in review.
Social media has been a hot topic this year. It's literally made it into the halls of Congress. But I'm not going to talk about how Jack and Zuckerberg are selling our souls away at our own consent, or about how they're knowingly assisting in foreign information operations.
Let's chat about potential.

Social media has a massive potential for change. You don't have to look much further than the Arab Spring to know that. For our industry, it has a massive potential for great, or awful, change.
Read 14 tweets
I get to head out on vacation in a couple of hours. normally I'd do a farewell #FF, but not this time.

I'm too disappointed.

Mini Thread.
I am not a military man, I never was. Yet, I felt a great depression set in when I saw Mattis resign. I have a great respect for him, I started to think about why, why it depressed me, and realized it spreads to much more than this moment in time in my life.
There is a dearth of leadership everywhere. We refuse to listen to anyone outside of our point of view. Adversaries become enemies far too easily. Those who should know better, willfully blind themselves to embrace the passion of their vitriol.
Read 14 tweets
Today is the 316th anniversary of the 47 Ronin's assault on Kira Yoshinaka's mansion at Edo to avenge their fallen Lord Asano.
The historical account, which has passed into legend, is a story about service, responsibility, and the true nature of correcting failure.
The actual story of the precipitation of Lord Asano's ordered seppuku has been spun in adaptations. The work by his retainers, the Samurai who became Ronin, to plan, prepare, and be patient and wait for their opportunity is a lesson for both #infosec attackers and defenders.
Read 9 tweets
Contingency.

A must for #infosec institutional defenders (and everyone else).

Thread.
"Always have an escape plan."

"Emergency landing plan B."

" ... already working on plan's A, B, through Z."

Life happens. Things go wrong. Are you ready for that?
I will use a real life parable.

I was making homemade pizza puffs for our holiday potluck this morning. I had split up the prep between last night and this morning, browning and seasoning the sausage last night. Today was assembling and baking the puffs.
Read 17 tweets
So, @AerServ are trying to cover up that they've had a breach. I was notified that I was in it via @haveibeenpwned and when reaching out to them, they denied that they have any data on non-registered users or that they've even had any breaches! #infosec [1/12]
After receiving the notification from HIBP, and seeing the type of data involved in the breach - I instantly wanted to know how they could have got data of mine. My mobile usage is not much further on than it was when I was using a Nokia 5110, so no questionable apps. [2/12]
I reached out to them with a subject access request, to get a copy of the data they hold about me, despite not having registered for their services (see screenshot) [3/12]
Read 12 tweets
I kinda feel like there's an #infosec equivalent to Brooks's Law: hiring more infosec people does not make an organization (or project) more secure. Likewise, mirroring complexity, I think we have accidental as well as essential insecurity.
We often measure #infosec team success or impact via navel gazing: how many vulnerabilities we identified, how many open ports we found, how many AWS tokens we found in git.
The remedies? Build more tools to detect more stuff, deploy more agents, create more dashboards, tickets, metrics. All that requires more people, so our headcount requests go up.
Read 11 tweets
The #aabill is incredibly short-sighted & luddite. Even if the AU Gov. can coerce tech companies to backdoor encrypted messaging platforms, nothing's going to stop people from resorting to using free & opensource #crypto software like @GnuPG! #auspol bit.ly/2QbxUor 1/
Popular #crypto software is trusted because it's been written & vetted by members of a decentralized #opensource community which you can't coerce. If you want to make it illegal to possess @GnuPG in Australia because you can't backdoor it, then you'll kill the IT industry. 2/
Software devs/engineers use #crypto daily to safeguard the apps & systems we code & run against malicious tampering. The #InfoSec community also needs to be confident it can discuss and coordinate responses to security vulnerabilities before they can be patched in private. 3/
Read 11 tweets
Given that a common modus operandi for Russian influencer #Hamilton68 accnts is to sow division & weaken US groups & political parties, the upcoming speaker of the House election & whether Rep. Nancy Pelosi would again get the nod seemed like an obvious target. #infosec #osint
Searching our archived tweet data on about 350 #Hamilton68 accounts, sure enough these accounts had been injecting themselves into the debate on the upcoming Pelosi election. One particular tweet to a simple thegatewaypundit.com article caught our eye.
Displayed here are some example Tweets pushing this simple video posting. What is displayed here are not necessarily verified #Hamilton68 accounts, many are just activist accounts. #infosec #osint
Read 9 tweets
One #DFIR / #INFOSEC thing that is useful to me that I wished I had learned sooner: the art of PDB path pivoting for #threatintel and mal analysis. This is pretty easy, but can be a crazy strong pivot for anyone studying large, tenured threat groups such as many espionage actors.
PDB Path Pivoting Primer

This is a tweet thing about malware PDB paths and their role in the disco, DFIR and/or #threatintel processes, using #KeyBoy as an example.

3/4) What are PDBs?
5) Where/why will I see PDB paths?
6/7) How can I use PDBs paths?
8-n) PDB paths and #KeyBoy
What are PDBs?

Program Data Base (PDB) files are used to store debugging info about a program when it is compiled. The PDB stores symbols, addresses, names of resources etc. Malware devs often have to debug their code and end up creating PDBs as a part of their dev process.
Read 15 tweets
Back on October 10th we got involved looking at a custom Twitter app called Tweetsquad that Ambassador Yakovenko at the Russian Embassy in London was using to promote embassy tweets. A tweet from @carolecadwalla attracted a number of #osint researchers
In the process of investigating this Tweetsquad app we identified some suspect accounts and @ChristinLuvsSno brought this account Leo Hawk @fractalhawk to our attention that appeared to be promoting Yakovenko tweets #osint #infosec
Analysis of @fractalhawk account had all the hallmarks of a Russian influenced #Hamilton68 Twitter account. #Hamilton68 accnts are Twitter accounts the German Marshall Fund has identified as Russian influenced propaganda accnts & many focus on US politics dashboard.securingdemocracy.org
Read 9 tweets
I hate the certification industry, it prevents talented people from participating, particularly younger and less well off. If you want to learn online #investigations I'll teach you everything I can with live support absolutely free. osint.team #OSINT #infosecjobs
If you can get an employer to pay then go for @SANSInstitute because @mcafeeinstitute stinks of stock photography and shyster marketing. Not to mention these people kick ass. @jms_dot_py @WebBreacher @kirbstr @baywolf88
An @OReillyMedia subscription ($39) and @jms_dot_py course register.automatingosint.com/python-course ($45). These are what young #infosec / #OSINT investigators. Should be spending money on. Keeping low monthly payments allows people to get the skills while paying for quality.
Read 6 tweets
If you missed the first #ATTACKCon, let me catch you up in this thread:
First, YES IT WAS RECORDED👍:
▫️Day 1 Morning:
▫️Day 1 Afternoon:
▫️Day 2 Morning:
▫️Day 2 Afternoon:
JUST GIVE ME THE HIGHLIGHTS:
I really enjoyed these recaps and live-tweets from @meansec, @likethecoins, and @redcanary:
▫️@redcanary highlights: redcanary.com/blog/community…
▫️Katie Nickles live-tweets: twitter.com/search?q=%23AT…
▫️@meansec live-tweets: twitter.com/search?q=%23AT…
My keynote on speeding #InfoSec learning:
👉SLIDES: 1drv.ms/p/s!Akl-R_H0qT…
▫️Community:
▫️Organized Knowledge:
▫️Executable Know-how:
▫️Repeatable Analysis:
Read 11 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!