Representational parity is a continuing struggle in #cybersecurity. Recently, Tennisha Martin, Miki Demeter, and Katelyn Falk shared some helpful strategies and tactics that have helped #dei initiatives.
ICYMI. Watch the replay https://www.youtube.com/watch?v=U1yN1hyqCWI or read the writeup https://www.dianainitiative.org/we-are-in-this-together-webinar-recap/.
Many thanks to The Diana Initiative and @blackgirlshack for supporting the webcast.
5.4.2024 15:22

The We Are In This Together! webcast features industry leaders sharing strategies and tactics that have been successful in improving DEI parity. I'm looking forward to hearing their insights! Please make sure to attend it on March 20.
https://tdi.mobi/we-are-together
14.3.2024 17:18

😱how did I not know this until today?! 🙀💨
26.2.2024 12:29

I wonder if when Salt-N-Pepa wrote Push It, they realized how often that song would be used for potty training.
20.2.2024 13:47

@BSidesNYC 0x03 Recap: In this session, Anita D'Amico discusses strategies for securing your software supply chain, how it's very different from #appsec, and her predictions on future #softwaresupplychain trends.
https://youtu.be/pSSyDmux_f0?si=SD1ykRZMNOsDCzW4
1.2.2024 14:59

Zach Wasserman from @Fleet and I had a fantastic conversation on his podcast where I gave him a sneak peek at what's coming for @BSidesNYC 0x04. We also had a great conversation about advanced methods to enumerate vulnerabilities beyond rudimentary vuln scanning.
Please connect with me if you have any questions.
#securityconference #vulnerabilityassessment #vulnerabilitymanagement
https://fleetdm.com/podcasts/expeditioners-huxley-barbee
31.1.2024 14:57

Check out this @BSidesNYC 0x03 interview by Preeti Ravindra with Veena Susan Peediyakkal where she talks about how threat intelligence supports the rest of the security organization and what it was like running a workshop at the conference. #threatintelligence #securityconference
30.1.2024 14:57

@BSidesNYC 0x03 Recap: DLL hijacking is old news.... but is it? In this session, Wietze Beukema takes us through how process-level environment variable abuse is a viable vector for taking over legitimate applications.
#endpointsecurity #windowssecurity
https://youtu.be/pWyVOn0k1Tc?si=63wXRNjIx80XMwlG
25.1.2024 14:16

A rare gem -- a full account of a supply chain attack!
Normally, we never know the full details of supply chain attacks. Defenders piece together clues, but typically there are gaps in the attack chain or timeline since the attack spans over a long period and potentially across multiple entities. In this article, John Stawinski and Adnan Khan documented in great detail how they executed a supply chain attack through #pytorch and #github.
Three key takeaways for me:
1️⃣ Complexity is the number one reason that these attack vectors exist.
2️⃣ Complexity creates the environment that allows the adversary to remain undetected. In this particular attack, they were able to suppress notifications and evade security controls.
3️⃣ Even after several notable supply chain attacks (e.g., #solarwinds and TeamCity), unsecured development secrets continue to be a boon for offsec, especially in supply chain attacks.
It's a fascinating read. They hope to talk more about this at "a certain security conference in LV, NV." I hope their talk gets accepted.
24.1.2024 15:13

@BSidesNYC 0x03 Recap: In this session Marcus Hallberg shows us how to use snapshots of volatile memory in Google Kubernetes Engine kernels to troubleshoot current node activities or support a security investigation. #gke #cloudsecurity #kubernetes #dfir
https://youtu.be/r0JGLcRLW9E?si=-KNU7LhD1WxKk189
23.1.2024 14:43