Can't believe I'm voluntarily wading into this, but here we go.

When you share those full details, that's when I drop everything & get to work (and I usually pull in my teammates too 💁🏽‍♀️). It's not just another cool vuln, it's something being used to harm. 1/6
As an example, here's how I approach it as soon as the details are out:
-understand the root cause & exploit method
-think of potential detection methods & talk to the folks who can implement them if it's not us 2/6
-find variants that the attackers either already have (and may even be using) or could easily switch to and try to get them fixed at the same time as the original bug
-brainstorm fixes, mitigations, system improvements & share them 3/6
The attackers already have all the details & are actively using them. When they're not shared, I & others who have the resources & the want to help, can't. I sit twiddling my thumbs, a very sad Maddie. This creates an asymmetry of information w the attackers knowing more. 4/6
I personally think it's *even more* important to do these things quickly when a mitigation is not available. After ~1yr of focusing exclusively on ITW 0days, I'm learning just how much I, my teammates, & other researchers really can help. 5/6
I know not everyone will agree: disclosure debates will be the one constant in our lives. 🤪 But I thought I'd share, how I, a defender, can make an impact, but I need the details to do it. 6/6.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Maddie Stone

Maddie Stone Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @maddiestone

23 Oct
Today is the day we've been waiting for! Follow this thread as I highlight @DondiWest as part of the #ShareTheMicInCyber campaign. I am proud to give this talented #cybersecurity practitioner the spotlight. #BlackNatSec #BlackTechTwitter #Share the Mic in Cyber graphic. Says "#ShareTheMicInCy
@DondiWest is a #Cybersecurity Attorney @Microsoft where he tracks global cybersecurity laws and regulations in order to identify and mitigate legal risk stemming from compliance obligations. #sharethemicincyber Connect with Dondi on LinkedIn linkedin.com/in/dondi
Dondi is a proud #HBCU graduate & attended @aamuedu, earning a B.S. in Math w a focus in Applied Stats, & as an ugrad student, published research in regression analysis & number theory. As a student, Dondi went everywhere w his TI-82 graphing calculator, which he still has.
Read 27 tweets
27 Aug
I’m really fucking tired. On average, about every week I receive some message about how I’m “unskilled”, “P0’s biggest mistake”, “not technical”. And about every other month one of these messages is posted very publicly or emailed to my managers. 1/7
This is nothing new since I first was an intern. It’s damn clear that the comments are bullshit. That the people taking the time to send me these msgs or create the anonymous accounts are telling a lot more about themselves than about me. But it’s still exhausting. 2/7
If you’re getting these messages too, it’s not about you. I’ve quite literally done everything these folks asked: I’ve done novel research at every level between a die on a CPU and applications. I have the CVEs. Large volumes of my work are publicly available...and yet. 3/7
Read 7 tweets
21 Feb
Lately, I've been watching talks from pre-2010. There's so much important infosec work/history out there, but you need to know what to look for.

What are some of your favorite talks, blogs, events, etc from 2012 or before that you'd recommend to those newer to the industry?
For my "learning Windows" adventure, these have been awesome
* Analyzing local privilege escalations in win32k - @mxatone (2008)
* Kernel exploitation – r0 to r3 transitions via KeUserModeCallback -@j00ru (2010)
* Kernel Attacks through User-Mode Callbacks - @kernelpool (BH 2011)
@mxatone @j00ru @kernelpool I also highly suggest "Professional Source Code Auditing" from BH 2002 by @mdowd @neelmehta @halvarflake Chris Spencer and Nishad Herath

Read 5 tweets
9 Nov 19
I had a conversation today w a man who manages a security team. For me, tbqh this convo was pretty upsetting, but I do think he was coming from a sincere place so hopefully this helps someone else who is also coming from a good place, but is just getting it wrong. THREAD.
The man was chatting about hiring. He said his team is only men, but he gets other women he knows in the industry to come to recruiting events w him because women are much more interested when they see another women there & don’t tend to come up to his booth when it’s just him.
I said, yes, of course. When we see another woman or someone like us on the team, it at least means we won’t be alone. I told him I thought it was false advertising to use other women in this way in order to recruit.
Read 9 tweets
14 Feb 19
I get asked all the time how to get started in binary RE. There are tons of great resources out there, so #1 is just get started with something, anything! But if you're open to suggestions for building a strong, general reverse engineering foundation, here are my suggestions:
1. If you've never taken a computer architecture course or need a refresher: NAND2Tetris. It's free! coursera.org/learn/build-a-… Seriously. It will give you a great understanding of the relationship between Software, Hardware, and the assembly we RE, and it's fun!
2. Learn C. Anyway that sounds good to you is the right way. Why? Pointers & memory are hard. It's even harder to learn them in ASM. Play with C & understand bit operations & how arrays work so they'll be known patterns when you look at them in asm.
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!