Discover and read the best of Twitter Threads about #infosec

Most recent (24)

How to start in #InfoSec

1. Pick up a CISSP book and get the basic concepts; block the chatter about cert or no cert, you still need to get the security basics.
2. Learn about Windows. Yes, Windows; you won't find your clients running Linux except on a few servers.
3. Learn the basics of programming. No, you don't need to write or build next-gen SAP software, but you need the basics.
4. Learn about the OWASP Top 10 at a minimum. No, I won't ask you to do a WebApp pen test, but at least learn how the web app hacks work.
5. At a minimum, learn how to use and interpret the output of these tools: nmap, Nessus, OWASP ZAP.
6. Read security trends reports like @VZDBIR
[Thread] Certifications

A non-comprehensive, non-linear summary of Dr. Craig Wright’s professional certifications.

National Security Training Academy
Security Industry Course and Firearm Certificate of Achievement - Granted in 1992

#Bitcoin
#Satoshi
#BSV
Brisbane YMCA Youth Club
Best Military Tactics - Granted in 1988

#YMCA
#Australia
#Rambo
International Systems Security Professional Certification Scheme - Granted in 2005

#International
#SysSec
#Professional
If you could recommend anything #infosec related, that you learnt later rather than sooner, what would it be?
Great presentation by @TC_Johnson on what he'd have liked to have been taught in Linux 101
Anyone looking for TC's talk I believe it'll be saved via here: youtube.com/channel/UCx1Ek…
#bebaskanravio Mas Ravio needs to explain the device details, the apps installed, and the timeline of the last few days, so that the experts out there can narrow down the possible attack vector...

Phishing is the easiest way to steal your 2FA keys, with social engineering beforehand, MITM, etc.
Probably someone is monitoring Mas Ravio's SMS. Which SIM card provider is it? Android or iOS? "Have been registered to another phone": high chance it's a SIM card swap, according to the clue..

en.wikipedia.org/wiki/SIM_swap_…

#bebaskanravio
The clue: Mas Ravio explained that there were phone calls from unknown numbers..

Someone knew Mas Ravio's data, then the perpetrator (using SOCENG) called the provider to convince them to swap the number to a new SIM card... it's been done already in many places...
What are some fun Dropbox style urls you hunt for on twitter?

I really like “drive.google.com”

Here are some things I’ve found 🧵

#infosec #30DaysOfThreads #OSINT
Korean Lessons content

- Sejong Korean 1-3
- Introduction to Sejong Korean
- History of Korean Culture
- Hangul Lessons
- Sejong Korean 3 - ENG. VER.

FILE: drive.google.com/folderview?id=…
Here's 500GB worth of information for anyone seeking to learn programming.

drive.google.com/folderview?id=…
❌ - stefano patarnello on Google >>> posts.google.com/share/iCGv3iMK…
>>> War Ina Babylon >>>
The thing is, the white murder rate is going to skyrocket, when white people get put under severe pressure, they can snap and end up killing family members or themselves.

We just had a recent situation of a (probably white) man killing the new boyfriend of his ex-girlfriend.
This is terrible. Let me tell you why. THREAD #privacy #infosec #cybersecurity #COVID19 theverge.com/2020/4/10/2121…
First, health data has ALWAYS been considered protected and sensitive. Hence, the privacy requirements and oaths physicians abide by - courts have LONG recognized this privacy.
Here, we're going to have health data records tied to a person tied to a phone tied to a location. It's literally a real-time walking health report.
So anyone in the #disinfo biz will understand the significance of this ... it appears one of the largest #Qanon accounts on Twitter, @StormIsUponUs, has been suspended. "Joe" had a following of 273000 & was probably in the top five for most influential around the Qanon hashtag #osint
Not sure when the suspension occurred or the reasons ... I can suspect it was probably related to #coronavirus disinformation. Here is how the account used to look recently. #Qanon #WWG1WGA #infosec #osint #disinfo
The @StormisUponUs account was favored content boosted & retweeted by propaganda agents all over the world ... including Kremlin-aligned #disinfo accounts. The account was front and center in a lot of conspiracy hashtags like #ClintonBodyCount, #whiterabbit, #pizzagate and #JihadSquad
CVE-2019-20634 is a 💣🎇

@moo_hax shows that the #MachineLearning system powering @proofpoint email protection (versions up to 2019-09-08) is vulnerable to model stealing & evasion attacks.

nvd.nist.gov/vuln/detail/CV…

Adversarial ML is now an #infosec problem. Wow.

THREAD 1/
To the best of my knowledge, this is the first CVE assigned to an adversarial ML attack with a CRITICAL rating from @NISTcyber nonetheless. Wow.

And all hot on the heels of @CERT_Division's first vuln note on the topic, a week back. Wow again.

Trailblazing, @moo_hax! 1/
Part I: Attack summary: @moo_hax & @monoxgas do:

1) Model Stealing - Query proofpoint email protection, observe the response. From this (query, response) pair, create a surrogate model

2) Evasion - Attack a surrogate model offline, and find samples that evade the model 2/
1/ For #infosec teams to maintain credibility during a crisis, it's important to strike an appropriate balance between security and keeping the lights on. One product that has come into focus is @zoom_us since many organizations have suddenly adopted and integrated this tool.
2/ Business teams like Zoom because:

- It just works
- The UX is excellent, and superior to pretty much everything else
- The above two factors mean that friction is very low when adopting the tool and people can become immediately productive, even when not used to remote work.
3/ The first principle of business in an emergency like this one is "keep the lights on" and this means that there are some very real trade-offs. One of those trade-offs is security. There are real and appropriate concerns with Zoom, and also some overblown ones. Let's dive in.
Please, ENOUGH! It is time to stop, while there is still time, the false debate over the #privacidad vs. #salud dichotomy. It doesn't work that way. I appeal to the responsibility of all specialists not to set up these dilemmas, which are not only unnecessary but also create confusion (cont.) #Covid_19
No one should lose their #libertad #autodeterminacióninformativa or the #protección of their #datos and #privacidad in order to preserve #salud and fight against #Covid_19 #COVID2019 #COVID. The latter can be done without violating rights or freedoms. (Cont.)
#datosdesalud are sensitive data. To process the #DatosCoronavirus it is NOT necessary to violate anyone's privacy or freedom; they can be processed/handled while respecting the legal requirements imposed by #proteccióndedatospersonales. (Cont.) #Covid_19
Wow, big story I just saw from @donie on a @cnnbrk undercover investigation by @clarissaward & her team revealing a Russian-linked troll farm in Ghana, Africa. One of the accounts they highlight is @africamustwake. We reported on that & a couple of others last week.
Here's our thread from last week on 4 tightly connected #BLM accounts that we identified a while back & had added to our new alt-left #Hamilton68 set of Kremlin-aligned Twitter trolls. Can't believe they turned out to be Russian outsourced accounts based in Ghana.
This is a set of some of the accounts we also found. I guess we will find out soon enough from Twitter as I am assuming they will make this suspended data set available. @AfricaMustWake
@AfricaThen
@TheNewAfrica_
@_Pawa_2_da_ppl_
@s_Racism_
@TonCarthur
@WomensRights___
1/25 How to Establish Secure Communications
- This is for you if:
- You’ve been stalked or harassed
- You think your spouse/partner is spying on you
- You are a journalist or activist
- You are concerned about privacy
#30DaysofThreads #Security #infosec
1/25 What we’ll cover:
- Your risk profile
- Back Up Communication Plans
- Burner Phones
- Resources
3/25 Your Risk Profile:
If you believe your current phone, internet, accounts or computer are monitored, DO THIS NOW:
1) Do not/not use the phone, computer or accounts for communications with your trusted intermediary or with a third party you are asking for help.
I’m going to summarize my recent issues in GitHub Apps, which totaled $12k, in this Twitter thread (may create a blog post soon)

(it’s a pretty long thread)
bug 1: GitHub Apps can choose to optionally request user OAuth authorization, which allows them to access the user’s account in addition to being added to a repository. When this happens, the user is shown a message saying that the app is being authorized to their account.
If an app owner changed the app settings to request OAuth authorization while the user was on the authorization page, the user OAuth authorization would be granted even though that message was not shown to the user.
New Paper📢 : Adversarial Machine Learning - Industry perspectives

TL;DR:
- 25 out of 28 organizations we interviewed noted that they don't have the right tools in place to secure ML assets
- SDL for industry grade ML models has lots of open questions

arxiv.org/abs/2002.05646 1/
Part I:
There is an adversarial ML research explosion -1 50 papers in the last 2 years - and been around since 2004 (see @biggiobattista paper sciencedirect.com/science/articl… )

We ask a broader question: What does adversarial ML mean to ML and sec engineers in industry? 2/
We spoke to 18 large organizations and 10 SMBs. Most of them clustered around cybersecurity but also "security sensitive" applications like healthcare, banking
We spoke to ML engineers and security analysts in the organization to learn how they approach adversarial ML 3/
A few months ago, I tried to apply one of @j_opdenakker's #infosec pieces of advice he wrote on this blog: "Evaluate (…) your online accounts. Delete what you no longer need". I tried to do it very seriously. Summary of the main obstacles I observed 👇
First of all, it seems obvious but you need to know the online accounts you have. Hopefully, I store them for several years but probably missed several dozens created before. So I browsed my online accounts and decided to try to delete 85 ones.
And this is the 2nd obstacle: you have to be very well organised to follow requests you send to websites owners. To give you an idea: almost 60 replied positively within the first 15 days. Then, each month, I got around 6 new requests processed, after sending multiple reminders.
Abuse is real.

The Johnny Depp hashtag stuff is opening some wounds I've worked to keep closed. As twitter and #infosec kept me together, it's time to come clean with that pain

I was domestically abused for more than two years

You all saved my life. Literally.

Thread... 1/33
At first it was simple stuff: "you don't love me like you did when we first got together" or "you just don't see it." That's just relationships though, right?

It moved to degrading. To control. To cheating. In order to live a normal life, I had to give up piece by piece.
First it was freedom

I was constantly berated for trying to make plans with friends. She refused to like any of my friends that I had before we were together. She refused to let me make new friends. I was only allowed to talk to the people she knew and interacted with first.
Cuz #china is trying to kill me and my race it’s time they start paying all my bills and not only
I want to make something very clear to the #infosec community. Just because you aren't deeply technical, a pentester, a red teamer, a forensics expert, or RE wiz doesn't mean that you can't teach people things. Everyone's life experiences are different and the more we 1/4
share knowledge, the better we all become. Even if it's your first week on the job in a SOC and you see how a piece of malware installs sticky keys, or you're a manager who manages 10 red teamers but has never popped a shell, you have experiences that the majority of us 2/4
haven't seen or done personally. There is a lot of bravado out there. Many people speak on popping shells & APT like they are experts, that aren't, but when you share experience, real experience, we all get better. Shared knowledge, infinite curiosity, this is what it means 3/4
Dear #Infosec friends with kids. I need a favor for a big project.

Could you please ask your kid (age doesn't matter) to give a one sentence answer to the following questions.

1. What cyber security means to them
2. A prediction for the future of cyber security

Thanks!
Finally got mine corralled to answer:
12yo
1. The kind of hacking that protects people
2. It's gonna become more popular
15yo
1. "The protection of information, and strengthening the internet as a whole"
2. "I think it will be very prominent in the future. With constant innovations in AI, there needs to be people to secure them"
This is incredible. My first instinct was to share. My second: what data did they have to give away to get this?

Sad right? Absolutely, so instead of bleating about stuff you can’t change I’ve scribbled a bit about what you can 1/14
First, a plea to spare a thought for #DataProtection #InfoSec #Privacy and all other related crews, who work to keep these folk accountable for protecting the data you share to access the necessary, fascinating, or fun stuff you do online. /2
Worrying about this stuff is exhausting and we all compromise privacy for access because the machine is designed to win that way. It is a war of attrition. But you can do small things and change a few habits to keep you and yours safer while we tackle the gnarlier stuff /3