Share this page!

David Weston (DWIZZZLE) Profile picture
Twitter logo
Aug 31 4 tweets 2 min read
Playing with @Azure Defender IOT network sensor appliance and its 🔥 Drop a VM and get a device inventory quickly. Huge library of ICS/OT/SCADA protocols. On my test network it did a great job. You can then scan your inventory firmware for vulns with #refirmlabs
MOAR deets: docs.microsoft.com/en-us/azure/de…
If you have an extra NIC run the VM on your home network and scan all your home IOT with the preview and then freak out
@Azure automatic firmware scanning along with automatic IOT device inventory is game changer, especially for appliances where have you no chance of installing an agent and the firmware is probably some custom Linux patched once 5 years ago...

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with David Weston (DWIZZZLE)

David Weston (DWIZZZLE) Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @dwizzzleMSFT

David Weston (DWIZZZLE) Profile picture
Aug 30
Coming soon to the firmware scanning preview in Defender for IOT.

How many of the IOT, OT, and embedded devices on your network are *actually* fully patched?

Now is your chance to find out.

#refirmlabs @MsftSecIntel
The thing that sold me on making Refirm labs part of Microsoft was running this on my home network and then throwing up in my mouth.
@BlkICScyberGuy you should run this on a few things :)
Read 4 tweets
David Weston (DWIZZZLE) Profile picture
Jul 15
I have gotten to the point where I am maintaining my own forks of firmware and OS for all my routers, switches, and servers. I have a weekend reminder to merge fixes and spin builds - how did i get here.
my home router is now a 100GBe Arista switch running SONIC with NAT github.com/sonic-net/SONi… just need PPOE #dwizzzlecloud
If you want to play with sonic check this out from @ServeTheHome servethehome.com/get-started-wi…
Read 4 tweets
David Weston (DWIZZZLE) Profile picture
Mar 3
@SwiftOnSecurity @BillDemirkapi @mattifestation WDAC policies work on both 10-11 with no hardware requirements down to the home SKU despite some FUD misinformation i have seen so it should be your first choice. Create a policy with the Wizard and then add a deny rule or allow specific versions of Nvidia if you need
@SwiftOnSecurity @BillDemirkapi @mattifestation webapp-wdac-wizard.azurewebsites.net is where you get the Wizard
@SwiftOnSecurity @BillDemirkapi @mattifestation These are all the attributes you can block or allow on: Image
Read 4 tweets
David Weston (DWIZZZLE) Profile picture
Feb 16
Windows 11 now has BY DEFAULT:

✅ TPM
✅ LSA PPL
✅ HVCI with block list updates
✅ credential guard
✅ enhanced sign in (Hello in VBS)

And there’s more…
It’s really burning me up not to tell you about “more”
“Why do I need this TPM thing” TPM is the base for every single layer here that provides credential protection.
Read 5 tweets
David Weston (DWIZZZLE) Profile picture
Jul 16, 2021
This is awesome, Microsoft matches donations to Open Security Training!
donated
I've learning about coreboot over lunch:
Read 4 tweets
David Weston (DWIZZZLE) Profile picture
Jun 3, 2021
I think people are going to excited (and scared) about getting a look at all the vulns in their BMC and SSD firmware with a virustotal-like web submission. With WFH I have been scanning all the stuff on my home network and it’s been enlightening :)
basically if you know how to use virustotal, with Refirm you can now find real bugs in just about any firmware file. Just download it from the mfg site and drag and drop. I think its going to really open peoples eyes, and show what's been ignored for far to long.
unlike most security start ups I have met, @RefirmLabs was no BS and within 10 minutes of meeting with them I could already use their product (on my own) and had an automated pen test report that was approaching the quality of one of our human pen testers.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(