(he/him) Dad / Husband / Marine / Student / Teacher / Red Team & CTI Director / @Hak5 / @NoVAHackers / @SiliconHBO / @NationalCCDC / @MARFORCYBER Auxiliary
Dec 14, 2021 • 12 tweets • 3 min read
10 #Log4Shell Facts vs Fiction: a 🧵 1. 1.x is NOT vuln to this RCE. While it doesn't have another RCE, it requires access to send serialized data to a listener ON the log server. This is much MUCH harder to exploit and kind of rare for a Log4j server to be running.
2. #Log4Shell attacks can show up hours after the trigger is sent. We are just starting to understand how deep this rabbit hole goes. I personally had BurpCollaborator and CanaryTokens hit 6-8 hours after they were sent.
Mar 27, 2020 • 6 tweets • 2 min read
How to deal with impostor syndrome:
Step 1: Identify exactly what you feel you are lacking skill or information in. No abstracts, no "better at this"
Step 2: Write it DOWN on PAPER, no digital forms. There is a lot psychology behind this.
Step 3: Identify steps to get there.
Step 4: No excuses. Procrastination is evil, and excuses are its weapon. I get it; you have life responsibilities and other things that take up your time. Find the time. Get rid of that mobile game, read during lunch, during trips to the bathroom. You have time. Optimize it.
Jan 19, 2020 • 4 tweets • 2 min read
I want to make something very clear to the #infosec community. Just because you aren't deeply technical, a pentester, a red teamer, a forensics expert, or RE wiz doesn't mean that you can't teach people things. Everyone's life experiences are different and the more we 1/4
share knowledge, the better we all become. Even if it's your first week on the job in a SOC and you see how a piece of malware installs sticky keys, or your a manager who manages 10 red teamers but have never popped a shell, you have experiences that the majority of us 2/4
