Most companies are not Uber this morning as a matter of luck, not skill.
This could easily have been ~90% of organizations.
Don’t point and laugh. It could be you next time, and it might be already.
Google's search engine is jumping the shark.
1. Half the page is ads.
2. There's one result on the page.
3. Then recommendations for more questions.
It's almost like their mission is to sell ads rather than organize information.
What's better? Startpage? Kagi? Something else?
Using wildcard glob support in nuclei, you can quickly scan for CVEs of specific years. For example, `nuclei -t 'cves/CVE-2020*'` will scan for all the CVEs assigned in 2020 from the nuclei-templates project.
#nucleitips
#hackwithautomation
🪳👀🚨DEVELOPING: A potential data exposure issue within ServiceNow's built-in capability has been identified. This could allow unauthenticated users to extract data from records.
1️⃣I don't think it's possible to predict technology
2️⃣But I do think it's possible to predict (generally) what technology will be built based on what humans want from it…
This 9,000 word, illustrated piece lays out how I see AI advancing through 2030+.
Millions of people clicking "Accept All Cookies" all day long is not improving anyone's security.
This is the new textbook example of security being in the way, and not exploring the tradeoff between efficacy and experience before making a policy change.
Holy crap!
🛡️Microsoft just released a Security-focused chat interface called Security Co-Pilot!
❓You can:
- Vuln information
- Incident information
- Reverse engineering
- Etc
💡🤝💪Being mentored by someone ahead of you can change your whole trajectory, but there are good and bad ways to do it.
📄
Here are the main things to do—and avoid doing—when contacting and working with a mentor.
💡I think our two biggest problems right now are:
1) the lack of meaning in our lives, and
2) the fact that AI is about to make it much worse
➡️Follow me for original ideas, analysis, tools, and mental models on how to thrive as humans in a world full of AI.
@danielmiessler
🚨BREAKING: Microsoft is warning of nation-state hackers exploiting a critical vulnerability in Atlassian Confluence Data Center and Server.
The tech giant has linked this exploitation to a threat actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy).
After a few weeks of teasing, I'm happy to officially announce the launch of Fabric.
Fabric is an open-source framework for augmenting humans using AI.
📄Tons of prompts for real-world use cases
🧱A free AI server for hosting your own APIs
…much more!
I just put out v1.0 of my AI Attack Surface Map that goes over the following:
🤖 The primary components of AI attack surfaces
🔓 Learn about AI Assistants, Agents, Tools, Models, and Storage
🎯 Explore various attack methods and their potential impact
[ TUTORIAL ] amass — Automated Attack Surface Mapping
The first in my new tutorial series on OSINT/Recon tools, and this one is on amass!
#infosec
#tutorials
Twitter is a bowl of ice cream.
If you have one every once in a while, it’s pure magic.
But if you eat it for every meal, in place of better foods (like doing your own projects), there is a 0% chance you won’t feel like garbage.
Do not eat too much Twitter.
Doing pentests on orgs with no security is like doing full genome analysis on morbidly obese people.
You're wasting valuable time and money by not jumping directly to diet and exercise.
The pentest industry thrives off the false belief that the problems are hard to find.
Finally finished a piece I've been wanting to write for years!
It's a capture of the key skills that security managers are constantly asking their people to do, and therefore the skills that new applicants need to be ready to do on Day 1.
#infosec
#jobs
Ok, this new Fabric Pattern is insanity:
⚙️create_academic_paper: Take any input and create a LaTeX academic paper from it.
pbpaste | fabric -sp create_academic_paper
The more creatively you pay for your tickets to DEFCON the more you’re showing you deserve to be there.
Hacking has always been about doing unexpected things in the name of curiosity.
The idea of demanding “traditional” behavior from hackers is the epitome of losing the plot.
✅I'm calling it now. Hottest development positions for the foreseeable future (12 months?)
⛓️ Developer.
⚒️If you can create AI tooling using @LangChainAI Models, Agents, and Tools, you can basically set your own prices.
💶 Like seriously $1-5 million a
The first rule for implementing something with machine learning or blockchain…is to figure out if you can implement it without machine learning or blockchain.
If you can work from home consider yourself lucky.
There are millions of people in the service industries right now who are every day making the choice between potentially getting (or spreading) a sickness, and paying bills.
This thing will be so much worse for them.
🚨👀DEVELOPING: North Korean IT workers have been secretly securing remote jobs in the US using fake identities, funneling millions of dollars to fund North Korea's ballistic missile program.
We've been saying for years that it's bad for ads to be able to run code on your machine. And @jeremiahg has been aggressively pro Ad Blocking for years.
But who would have guessed that 2018 was the year that using an Ad Blocker defends your kernel memory?
My full, 72-minute video on how I see AI developing and integrating with society in the next several years…
🤖 Everyone gets a DA
🕸️API-ification of everything
🛡️Insane security implications
🤔In-depth ideas
🌆 Fully illustrated
🗣️ Expanded narration
…
This is the first time I've ever shared anything about what I'm doing and how I make money. It covers:
* Why I got out of the corporate game
* What I'm doing for income streams
* How much I make on each
* Why I think YOU should consider jumping as well
If you can’t produce an asset list then save the money you would have spent on pentests and download a copy of the CIS Top 20 Controls.
Then start at the top, where it says to create an asset list.
We're elated to announce the release of the OWASP IoT Top 10 for 2018!!!
This release focuses on simplicity and usability, with a list that combines the top issues facing manufacturers, enterprises, and consumers.
#iot
#infosec
How AI is going to 100x human creativity…
👉Our obstacles are scale and barriers
⬆️ We need billions more eyes and hands
🧠 Millions of geniuses can't even play
…
AI will address the problems we have instead of the problems we think we have…
Unsupervised Learning helps people navigate what's coming with AI…
Every Monday, get:
🔍 Analysis of the stories and trends…
🧠 Original ideas and predictions…
⚙️ …and tangible recommendations for how to respond…
Holy crap.
We now have fabric adding USER CONTEXT to all patterns with the -c switch.
So now you can ask it what strategies you should use to achieve your mission and goals!
Props to @xssdoctor and @rez0__ on this one!
Google has so little money that they had to fill this page with ads to the point of only having 1 actual result.
One result on the entire page.
The rest is ads.
🤖This is my new essay on how AI is going to eat most existing software. Topics include:
🧠 How GPTs actually *understand* things
📐 A new AI-based software architecture
🕸️ Companies largely become APIs
UL is doing a short-run Black Friday sale of 30% off for the first year!
🗝️ Exclusive member content
📚 The best book club ever
👥 Monthly hangouts
📋 and more…
Those are cool, but ultimately, it's an uplifting place for us curious types.
🫶🏻
You want to know a liberal, big-government, pro-environment policy that I would LOVE to see?
A BAN ON PAPER JUNK MAIL
I'd vote for that shit instantly.
Ransomware is the new PCI.
1. It’s annoying
2. It’s not nearly the whole story
3. It’s forcing a lot of organizations to take security seriously
No catalyst for change compares to real-world consequences.
Business disruption is the ultimate argument.
AWS banning Parler from their platform is not censorship because there are countless other providers that will host them.
Individual providers are not required to host anyone. It’s their choice who to take on as a customer.
They are not the government.
@hubermanlab
- How bad common city toxins are, e.g., trace amounts of drugs, metals, other chemicals
- Overall tap vs. bottled vs. reverse osmosis
- The right amounts, which you talked about recently
- The downsides of too little, too much
- The importance of speed of intake
Cory Doctorow (@doctorow) just wrote an essay saying that AI was a bubble.
He's very, very wrong, and here's why.
👀 He's distracted by the gimmicks
⚙️ He's not seeing the inefficiency angle
Here's why he's wrong in a concise, 4-minute argument…
The Mudge/Twitter situation is what happens when a company wants to hire a named security personality for marketing purposes, and not to actually fix things.
Companies need to realize that such people often got famous in the first place by having principles they won't violate.
A brief thought on the Hawaiian missile warning failure.
When an Amazon employee deleted a bunch of infrastructure, Amazon had the best response ever.
They basically said it wasn't the employee's fault because that option shouldn't have been available to them.
1/n
The most progress InfoSec’s made in the last 20 years have been due to PCI and Ransomware.
Two things everyone hates and can’t avoid.
It’s never the positive things that cause us to grow.
If you are under-represented in information security, and you're looking to get into the field, please consider me a personal resource to you getting your first job.
My email is first@firstlast.com, and while I might not always be timely, I will respond to every email I receive.
Remember when 280 characters destroyed Twitter?
And when Microsoft destroyed GitHub when they bought it?
It’s crazy that people move to aggressive panic insults when tiny, inconsequential things change on the internet.
You can only use Word 97 for so long.
Embrace change.
I'm pleased to announce the public launch of my company HELIOS!!!
“Helios actively monitors a company's external attack surface in near-realtime and notifies you when it finds something dangerous”.
Learn more below and ping me with any questions!
@emisnotavampire
@itmemandy
@Viss
Actually, “bug” is the technical term for the superclass of anything that gives either the “heebie-jeebies”, the “nopes”, or the “hell-nos”.
Anyone else grappled with pip, pipx, poetry and everything else for months and finally realized Python is a shitshow?
Thinking about moving to go for a big project.
Thoughts? Experience?
I don't want to chase green grass and find out it's just as treacherous.
I just wanted to say, I’ve always had a very mixed signal here on Twitter. I talk about tech, politics, and human/philosophical topics.
And I know between 1-3 of those have annoyed the crap out of you.
If you’re seeing this, thank you for accepting the whole me.
It’s time to make police wear pink and peach, with a slogan of “Community Protector”.
Dressing 20-something males up like Navy SEALs is attracting the wrong fucking people to this job.
The Ubiquiti breach will bother you less if you grok that you use dozens of similar vendors everyday that are just as insecure.
Assume most services you use have either been hacked already or will be soon.
And behave accordingly.
My full, illustrated, 9,000-word essay on how I see AI influencing technology in the coming years. Includes:
- 🤖 Digital Assistants know our souls
- 🔗 Everything gets an API
- 👓 AR as the UI / UX
- 🛡️ DAs Defenders
- 🚨 Attacker Capabilities…