huxley - Network

Representational parity is a continuing struggle in #cybersecurity. Recently, Tennisha Martin, Miki Demeter, and Katelyn Falk shared some...

Representational parity is a continuing struggle in #cybersecurity. Recently, Tennisha Martin, Miki Demeter, and Katelyn Falk shared some helpful strategies and tactics that have helped #dei initiatives.

ICMYI. Watch the replay https://www.youtube.com/watch?v=U1yN1hyqCWI or read the writeup https://www.dianainitiative.org/we-are-in-this-together-webinar-recap/.

Much thank to The Diana Initiative and @blackgirlshack for supporting the webcast.

The We Are In This Together! webcast features industry leaders sharing strategies and tactics that have been successful in improving DEI...

The We Are In This Together! webcast features industry leaders sharing strategies and tactics that have been successful in improving DEI parity. I'm looking forward to hearing their insights! Please make sure to attend it on March 20.

https://tdi.mobi/we-are-together

#cybersecurity #dei

😱how did I not know this until today?! 🙀💨

😱how did I not know this until today?! 🙀💨

I wonder if when Salt-N-Pepa wrote Push It, they realized how often that song would be used for potty training.

I wonder if when Salt-N-Pepa wrote Push It, they realized how often that song would be used for potty training.

@BSidesNYC 0x03 Recap: In this session, Anita D'Amico, discusses strategies for securing your software supply chain, how it's very...

@BSidesNYC 0x03 Recap: In this session, Anita D'Amico, discusses strategies for securing your software supply chain, how it's very different from #appsec, and her predictions on future #softwaresupplychain trends.

#softwaresupplychainsecurity

https://youtu.be/pSSyDmux_f0?si=SD1ykRZMNOsDCzW4

Zach Wasserman from @Fleet and I had a fantastic conversation on his podcast where I gave him a sneak peek at what's coming for...

Zach Wasserman from @Fleet and I had a fantastic conversation on his podcast where I gave him a sneak peek at what's coming for @BSidesNYC 0x04. We also had a great conversation about advanced methods to enumerate vulnerabilities beyond rudimentary vuln scanning.

Please connect with me if you have any questions.

#securityconference #vulnerabilityassessment #vulnerabilitymanagement

https://fleetdm.com/podcasts/expeditioners-huxley-barbee

Check out this @BSidesNYC 0x03 interview by Preeti Ravindra with Veena Susan Peediyakkal where she talks about how threat intelligence...

Check out this @BSidesNYC 0x03 interview by Preeti Ravindra with Veena Susan Peediyakkal where she talks about how threat intelligence supports the rest of the security organization and what it was like running a workshop at the conference. #threatintelligence #securityconference

https://youtu.be/Ko-arpF-j-I

@BSidesNYC 0x03 Recap: DLL hijacking is old news.... but is it? In this session, Wietze Beukema takes us through how process-level...

@BSidesNYC 0x03 Recap: DLL hijacking is old news.... but is it? In this session, Wietze Beukema takes us through how process-level environment variable abuse is a viable vector for taking over legitimate applications.

#endpointsecurity #windowssecurity

https://youtu.be/pWyVOn0k1Tc?si=63wXRNjIx80XMwlG

A rare gem -- a full account of a supply chain attack!Normally, we never know the full details of supply chain attacks. Defenders piece...

A rare gem -- a full account of a supply chain attack!

Normally, we never know the full details of supply chain attacks. Defenders piece together clues, but typically there are gaps in the attack chain or timeline since the attack spans over a long period and potentially across multiple entities. In this article, John Stawinski and Adnan Khan documented in great detail how they executed a supply chain attack through #pytorch and #github.

Three key takeaways for me:

1️⃣ Complexity is the number one reason that these attack vectors exist.

2️⃣ Complexity is creates the environment that allows the adversary to remain undetected. In this particular attack, they were able to suppress notifications and evade security controls.

3️⃣ Even after several notable supply chain attacks (e.g., #solarwinds and TeamCity), unsecured development secrets continue to be a boon for offsec, especially in supply chain attacks.

It's a fascinating read. They hope to talk more about this at "a certain security conference in LV, NV." I hope their talk gets accepted.

#supplychainattacks #defcon

https://johnstawinski.com/2024/01/11/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch/

@BSidesNYC 0x03 Recap: In this session Marcus Hallberg shows us how to use snapshots of volatile memory in Google Kubernetes Engine kernels...

@BSidesNYC 0x03 Recap: In this session Marcus Hallberg shows us how to use snapshots of volatile memory in Google Kubernetes Engine kernels to troubleshoot current node activities or support a security investigation. #gke #cloudsecurity #kubernetes #dfir

https://youtu.be/r0JGLcRLW9E?si=-KNU7LhD1WxKk189

Check out this @BSidesNYC 0x03 interview by Preeti Ravindra with Lance James where he talks about the need to return to the hacker mentality...

Check out this @BSidesNYC 0x03 interview by Preeti Ravindra with Lance James where he talks about the need to return to the hacker mentality to fuel disruption and what it meant for him to keynote the conference. https://www.youtube.com/watch?v=QJJyR-qdgvE

@BSidesNYC 0x03 Recap: In this session, Jessie Jamieson, PhD, provides an overview of #sbom and the need for validation, verification, and...

@BSidesNYC 0x03 Recap: In this session, Jessie Jamieson, PhD, provides an overview of #sbom and the need for validation, verification, and effective prescriptive data science and operations to effectively secure your software supply chain. https://www.youtube.com/watch?v=yogmzTXsphk

Check out this @BSidesNYC 0x03 interview by Preeti Ravindra with Munish Walther-Puri where he talks about the ethos of generosity and other...

Check out this @BSidesNYC 0x03 interview by Preeti Ravindra with Munish Walther-Puri where he talks about the ethos of generosity and other thoughts on community in the cybersecurity industry.

https://www.youtube.com/watch?v=QdoP6QAj-34

@BSidesNYC 2023 Recap: In this session, Aditya Patel takes us through the good, bad, and uncanny of...

@BSidesNYC 2023 Recap: In this session, Aditya Patel takes us through the good, bad, and uncanny of #chatgpt.

https://www.youtube.com/watch?v=x0coh7acrC0

The first day of #BSidesCalgary 2023 was amazing! It was a pleasure to speak alongside Jason Maynard, Michael Spaling, and others. Many...

The first day of #BSidesCalgary 2023 was amazing! It was a pleasure to speak alongside Jason Maynard, Michael Spaling, and others. Many kudos to James Cairns and the team for a well-run con. And there's still another day! If you missed today, get down to Bow Valley College tomorrow.

@bsideskc was a fantastic conference. Fun contests, engaged attendees, insight keynotes (@TimMedin) and a fascinating badge. (Badge Pirates...

@bsideskc was a fantastic conference. Fun contests, engaged attendees, insight keynotes (@TimMedin) and a fascinating badge. (Badge Pirates did it again!) Thank you, Eric Helm and all the volunteers, for having me and letting me speak on securing critical infrastructure and key resources.

I'm really looking forward to @bsideskc on Saturday. Please flag me down to catch up or say hi, if you're there.

I'm really looking forward to @bsideskc on Saturday. Please flag me down to catch up or say hi, if you're there.

I'm embarrassed to say that until recently, I thought @GrrCON was a security conference with a pirate/tiger/bulldog theme. 🤦‍♂️...

I'm embarrassed to say that until recently, I thought @GrrCON was a security conference with a pirate/tiger/bulldog theme. 🤦‍♂️ I know better now.

My talk is on Friday at 3pm. If you'll be there, please flag me down to say hi! Love to meet in person.

At @defcon 31, I entered the Recon Acharya challenge by @reconvillage I had the dubious distinction of almost winning but also...

At @defcon 31, I entered the Recon Acharya challenge by @reconvillage I had the dubious distinction of almost winning but also spectacularly losing.

Here is my write-up: https://riskreboot.substack.com/p/snatching-defeat-from-the-jaws-of

Would a video walk-through interest anyone? If I get 200 (boost|favourite)s, I'll make a recording.

Thank you so much to @frankmcg, @alyssam_infosec, and the rest of the @BlueTeamCon team for hosting a great conference and accepting my...

Thank you so much to @frankmcg, @alyssam_infosec, and the rest of the @BlueTeamCon team for hosting a great conference and accepting my talk. Kudos also goes to @hacks4pancakes for a fantastic keynote and an excellent careers village. Thank you all!