Discover and read the best of Twitter Threads about #Infosec

Most recent (24)

I did this one before. But since we're making #30daysofthreads a great opportunity for folks to learn gems going into 2020, I figured I'd bring this one back!

With that being said, I will list 10 books to get you started in #hacking & #penetrationtesting
#CyberSecurity #infosec
“Penetration Testing” by @georgiaweidman - 1 of the top books you must read if you're new to hacking or reviewing. Some material is dated but it is still a great book (Georgia is working on a new version. Don't bother her about it!)

“Linux Basics for Hackers” by OccupyTheWeb

This book is great for those learning or working w/ Linux. It explains how to install Kali & what services are installed & what they're used for. This book also explains how to create scripts in BASH & Python
Read 10 tweets
In Republican Devin Nunes's opening statement, he chose to peddle the insane conspiracy theory that Ukraine helped Hillary lose the election so that it could later smear Trump after he won and pin it on Russia (Say What??) #ImpeachmentHearings #ImpeachmentDay
Rep. Devin Nunes also attacked @AlexandraChalup and (as Democratic stooges) witnesses Amb. Bill Taylor and State Dept's George Kent, highly respected professionals who have served numerous presidents of BOTH parties with distinction. #ImpeachmentHearings #ImpeachmentDay
I will remind everyone that while Devin Nunes was the Chairman of the Intelligence Committee of the United States in 2017, we & others alerted him to the fact that one of his past campaign websites was breached and infected with Russian SEO spam #ImpeachmentHearings #ImpeachmentDay
Read 15 tweets
Back in late August of this year the account @ArizonaKayte was suspended by Twitter. I have no idea why ... however this account was of note given it was one of the most influential accounts within the domestic pro-MAGA troll group called the #Mighty200 or also called #the200
It was found that the account @ArizonaKayte from #the200 was in the top 6 most retweeted by the primary dataset of alt-right accounts (top 57393 users) h/t @r0zetta from F-secure #infosec #disinfo #magatrolls #osint
The account @ArizonaKayte was commonly found in large Trump Train follow back tweets and still appears even months after its suspension. See the screenshot on the right from 2 days ago #infosec #disinfo #magatrolls #osint
Read 6 tweets
Just read the worst article of the week. I won't link to it to protect them and us, but — please — do *not* follow misinformation which advises you to route your Tor traffic through a VPN service of your choice. One should never encapsulate Tor traffic. It's a trap. 'nough said.
OK, since questions are being asked about this, I'm gonna drop a “non geek” explanation which should be easy to understand (while skipping many tech details):
First up: routing VPN traffic through Tor or vice versa has certain benefits, as well as disadvantages, depending on your threat model.

On the positive side, it can obfuscate Tor usage. This may be convenient, but that's about it.
Read 7 tweets
2/16 Silencing expert voices in the cybersecurity discussion space is a
strategy for weakness not strength, as any Red Team expert would tell
you. #CyberCon #CensorCon
3/16 The @CyberGovAU removed me from the #AISA #CyberCon speakers list
8 days before the event. Reason: my talk content was 'incongruent' w/ the
largest cybersec conf in AU. Yet they had not seen my talk content.
#CensorCon #cyber #infosec #cybersecurity #informationsecurity
4/16 #CyberCon removed me from the speakers list based on my talk title
alone. I'm not the only speaker removed: @Thomas_Drake1 was also disinvited. Others
told to alter format. #CensorCon #cyber #infosec #cybersecurity #informationsecurity
Read 16 tweets
Interview done and dusted. Really interesting topic this morning. I did some digging and found out that reportedly last year there were 18.5m reports of sexual abuse worldwide and 12m could be traced back to Facebook Messenger.
In 2018, Facebook made 16.8 million reports of child sexual exploitation and abuse content to the US National Centre for Missing and Exploited Children, which the National Crime Agency estimates have led to more than 2,500 arrests…
So the concern that Facebook's 'the future is private' campaign, using end-to-end encryption, would significantly stand in the way of this reporting process and potentially remove much of Facebook's responsibility to report is valid in my opinion...
Read 18 tweets
Poll time, because I'm curious as to your position. Is a non-disclosure agreement a security measure/control? You can elaborate in the comments, and please retweet for greater visibility. #dfir #infosec #threatintel #security
Almost even on answers so far. Let's get more.
These numbers are so close, so this is clearly not a clean cut issue here. Bumping for more participation.
Read 3 tweets
1. During my last talk someone in the audience asked me if I was optimistic. Are you optimistic? Do you think the future will be better?

My answer is a clear no, let me explain why
2. Public interest is not a thing for the #infosec sector. Business is everywhere. A conference organizer told me recently: "We have difficulty finding people who want to talk and have nothing to sell"
3. There is a lot of money in this sector and everybody is trying to get a part of it. As said during the @defcon talk by @schneierblog, public interest should be one of the major concerns of the #infosec sector.
Read 11 tweets
#BREAKING: Trump asked the President of Ukraine to investigate @Crowdstrike, a now publicly traded company $CRWD that 1st determined state-sponsored Russian hackers hacked the DNC. There is no server in Ukraine .. but that's beside the point #infosec
Here's our thread on @crowdstrike from 07-24-19 documenting the continued propaganda efforts coming from the Kremlin to smear & muddy the waters on something that has been fact for a number of years & confirmed in the Mueller report #infosec #osint #Hamilton68
This is a good breakdown of the Ukraine call with Zelensky and spells out numerous problematic sections #UkraineTranscript
Read 8 tweets
There are several #infosec data "event horizons" that significantly impact the ability to perform serious malware archeology, depending on the capabilities available to an analyst. I thought it was worth mentioning a few horizons as I've hit a few recently (1/7)
⚫️🔚 YARA retro hunts (~3m/1y/custom if doing it yourself)
Helps in identifying existing samples, but commercial services limit searches. If you can't index yourself you are probably out of luck here (2/7)
⚫️🔚 Public reporting (~2012, maybe 2008)
Some blogs contained interesting factual snippets, but only really started being comprehensive around 2012. Previously it was just elements of interest or forum archives. Recording hashes for research wasn't typical. (3/7)
Read 10 tweets
I don't usually pin tweets. Certainly not personal ones.
But this one is pinned and it's personal because #Neurodiversity is a real thing in my life and probably yours, too, whether you know it or not.
I'm talking generally now about #ActuallyAutistic #ADD #ADHD + so many others.
This is a thread, a single story only, about one person's relationship with #Neurodiversity

I did a thing I don't usually do. I talked about my personal relationship with it at a thing. I didn't plan it. As many life-changing things tend to do --> it just happened.

Before we go too far tho it's very important we establish that this is only a single story. There are many voices that need to be heard.

Read 15 tweets
Hey #infosec peeps! I got locked out of an account so I had to call customer service.

The rep asked for PII, and then unlocked my 2FA. She literally said this: "They ask the most stupid questions ever that nobody can remember. I suggest you pick 3, then screenshot it"
So, I refreshed my screen, and I encountered the worst choice of 2FA questions ever. I literally have no idea what the last name of my best friend from 3rd grade is. His first name is Toure, and I'm friends with him on FB these days, but who in the hell knows that when they are
literally, at best, 8 years old. May I humbly suggest that, if your own front-line CSRs are telling your customers to "just screen shot your 2FA answers" you are hands down, doing it wrong? Asking for a friend.
Read 3 tweets
1/5 #CDNpoli #Elxn43 #InfoSec #MeToo

An update to the #Liberalist data breach of voter & personal information to criminals:

Both Jared Nolan & Luke Strimbold have pleaded guilty to sexual abuse of children, while active as Liberal Party executives…
2/5 #CDNpoli #Elxn43 #InfoSec #MeToo

Details of sex assault charges against Luke Strimbold emerged in local media (to which he pleaded guilty)

As a #BCpoli Liberal exec, he had access to federal #Liberalist database

*Trigger & graphic content warning*…
3/5 #CDNpoli #Elxn43 #InfoSec #MeToo

This confirms Luke Strimbold's extensive relationship with the Liberal Party

LPC shares the #Liberalist database with provincial & federal riding associations across the country

This constituent info remains unsecured…
Read 6 tweets
At the airport waiting on flight to see Mom in ICU. Promised I would tell her story to the world before she’s gone. She is my hero, shaped the man I am today, and the most OG #hacker when Kevin Mitnick was still in diapers.

Prepare for a mega thread. RTs welcome! 1/x
Grew up in a bad home, left at 13 and took her 5yo brother too. Went off grid. Got a job, apartment, everything. She was always tall and attractive, so she made a life for them in relative safety.

Learned to socially engineer people at a pretty young age. 2/x
You can’t do this if you’re just a dumb kid raising another kid. She had street smarts, and did her best to impart that to us. Especially my older sister. Best piece of advice I ever heard her tell sis:

“Don’t have to choose between wearing and burning your bra. Adapt.” 3/x
Read 23 tweets
So let's take a look at the worst/most interesting part of the report @privacyint just published about mental health websites and tracking. How an online depression test shares answers with a third party. Say hi to @doctissimo! 👋 1/8

#infosec I guess
@privacyint @doctissimo So let's say you have been feeling quite bad recently and you have a suspicion that this might be linked to depression. You're French (lucky you), so you google "test dépression" and find this page 👇 2/8
@privacyint @doctissimo Let's ignore this terrible way of obtaining consent for now and just scroll to start taking the test. I'm using @httptoolkit to look at the request sent when navigating the page...

OH GOD. 3/8
Read 10 tweets
I *may* have been a complete idiot and wiped my PC by attempting to expand the hard drive partition containing my OS when I upgraded my SSD, would any #infosec person like to charge me $10k for a threat analysis confirming I was hacked by China and it's not my fault?
Mfw I successfully defeat the Chinese hackers that stopped my computer from running by typing “bootrec /rebuildbcd”
Read 3 tweets
A thread about #journalism and #infosec/#cybersecurity.

I hear ALL the time from executives who read about infosec issues in the news and want to know more. Journalists are the most important part of the education and information component of #cybersecurity.
I consider journalists part of #infosec - not outside of it. They serve their purpose like a Firewall admin serves theirs for the larger #cybersecurity space. I've never met a malicious journalist, not saying they're out there but, almost all have good intentions.
Most journalists have a non-technical background. This is changing but it is still the case. Just like many of #infosec who came from a non-traditional background and joined our space we need to be supportive and mentor them.
Read 5 tweets
It's absolutely dishonest when a company offers a position but does not tell you how much they are going to pay you.

They make you waste your precious time preparing and sending CVs and even testing you remotely.

A job is a bilateral contract: it has to be good for them as well as for you.
I'm tired of seeing that on @LinkedIn. Hey @GoDaddy, I'm talking about you too!
They take you, who are interested in getting a job, and make you go through their processes. When you are finally accepted, it will be too late for you to drop it since you are about to fix your unemployment situation, no matter if they won't pay you what you want or expect.
Read 6 tweets
Okay who the hell is State #2 from the just released Senate Intelligence report on Election Interference. FBI told 3-4 counties they were breached & those counties refused help? Am I reading this correctly? #infosec #russiagate
State 6 is Arizona ... at least based on this Threatconnect report. The use of the Acunetix scanning tool gives it away…
Okay, I am 95% sure State 14 is Wisconsin based on this DET timeline memo they sent out on 09-26-2017. Keep in mind that for quite a while the Walker admin claimed Wisconsin was never targeted. Read the memo closely & you will notice a couple of alarming details. This isn't all of it either
Read 16 tweets
This thread includes all my #infographics so far, they present different terms related to Information Security 🔐

It's an easy way to learn new things 📖 I hope it will be useful to the community. RT appreciated 🌐

Follow me @Guillaume_Lpl for more about #infosec #cybersecurity
What is a Botnet & how does it work?
What is a Bug Bounty?
Read 29 tweets
Hello hello, little friends.

This one is for those of you who use/have used/know someone who used one of those apps that put an old-person face on you.

Follow this #NoticiaFio where I tell you why you should drop this thing NOW.
Talking about the popularity of these apps is stating the obvious; I opened Google Play here and in the most-searched section 4 of the TOP 5 do this kind of thing
So the thread doesn't get too long, let's focus on the biggest of them, FaceApp.
In the Google Play description it says: "Get magazine-cover quality in any selfie with just a few taps! Powered by FaceApp AI, the most advanced neural portrait editing technology."
Read 33 tweets
Attempt number 12 to try & suggest #SethRich leaked the DNC emails to Wikileaks & was killed by a Hillary Clinton hit squad. This is in response to the actual bombshell reporting last week that Russian Intelligence promoted this conspiracy idea. #Qanon is mad.
This new #fakenews from the alt-right is just a statement from a goofy private investigator, Edward Butowsky, submitted to the court. He was hired by Fox News to try & find evidence that #SethRich leaked DNC emails to Wikileaks. It's his warped reality, not that of the FBI #infosec
And I suppose none of this should be surprising because back in 2016, days after #SethRich was murdered, multiple propaganda shops went into overdrive. This tweet said a Hillary Clinton hit squad killed the 1st Guccifer hacker. Marcel Lazăr is both still in jail and very much alive
Read 6 tweets
Many students asked me by DM about my academic background and what is best to do to work in #infosec. I will answer here:

1) I have a Master's Degree in Telecoms and Networks Engineering from @INP_ENSEEIHT.

2) There is not only one way to work in infosec, create your own!
In France the diploma is very important; this is stupid. Being a hacker is about the mindset, the curiosity, you as a person. Not a piece of paper.
Last but not least, I'm the last person you should ask for advice. My life has been crazy as hell for the last 2 years. I'm incredibly lucky. I planned nothing. I'm trying to bring my contribution to this world as I can. The only thing I can say is: Learn. Share. Help. Repeat.
Read 3 tweets
