Boating update:
Mrs signed us up for a week long bootcamp style live aboard sailing adventure... however unlike earlier trainings we've done... this school sent us books 4 months out. With a warning... most take 6 months to do the homework. We have 4.
1
We were granted an exception since we've got prior experience. After looking at these books... I'm regretting asking for it.
There's just **so** much to learn.
I'm most worried about the night non-radio signaling & signal flags. Stuff I've never done before. :-/
2
If our paths cross over the next few months, and you hear me making odd dinging or horn sounds... I've not gone mad... I'm practicing overtaking in fog procedures. (which it's cool how nuanced the conversation can be... but like... wow it's also complex)
3
Also, I never realized how much networking is influenced by naval comms. If you're following correct radio discipline, it's an awful lot like TCP. LOL!
4
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Some management of people is done in the most non-nonsensical ways.
You may know that I mentor folks... like a lot of them.
Today one called me almost in tears. With permission here's a redacted version.
1
End of year evals are due soon. This person was told to rank each employee. Top 25% will get bonuses and put on advancement path. Bottom 25% will be put on PIP!
For those not aware PIP is Performance Improvement Program, it's basically the first step to being fired.
2
For a very large team you may have a bell curve distribution where this may be a viable approach. (I'd like to quibble at the numbers, but it's not THAT bad)
The issue is this approach is **horrible** for the small teams we tend to have in infosec.
blue teamers:
We have to talk. Not everyone, but lots of us are writing really bad detects. Stop trying to detect the tool you will never win doing that. Detect the impacts.
A great example of this:
Responder.
1/?
Responder is a great pen test tool (we use it on our offensive engagements and you should to)
You damn well better be looking for responder... but HOW you do that look is just as important as the fact that you do.
2/?
Perhaps the most frequently used mode of responder is the LLMNR function. This allows responder to trick Windows systems into giving up the currently logged in user's creds to the attacker who is on your local network, but not yet on the victim's system.
3/?
First of all your headline is deliberately inflammatory.
but more critically, you miss the really interesting angle... how is it that these users are setup to fail?
2/?
The fourth estate is supposed to be elevating the discussion. You sir have let us down here. I don't know you... but I feel like you phone it in on this one.
The article should enlighten. At a few points you come close but don't drive home.
I know I shouldn't feed trolls, but this has to be said.
While not perfect, I am a *damn good* tech, biz owner, instructor, and hacker.
You reducing my accomplishments -- while having so very few of your own -- is telling.
2/?
I've opened a boutique infosec consultancy. I am a certified SANS instructor. A member of the IANS faculty... and someone who's not done yet. I've got plans.
For you to say that this is all thanks to a "pill that makes me not be a retard" is about as ugly as it gets.