magoo - Network

I wrote about how detection engineering should be prioritized in a security program. Feedback and discussion welcome!

medium.com/starting-up-securit

16.9.2024 16:38
https://infosec.exchange/@magoo/...

Vulnerability Management: You should know about EPSS

medium.com/starting-up-securit

9.10.2023 21:38
https://infosec.exchange/@magoo/...

Writing about risk because I haven't written in a while.

Here's "Beyond Controls: The Power of Risk Scenarios"

It's some stuff about boosting "scenario" usage in everyday security work.

magoo.medium.com/beyond-contro

24.8.2023 00:19
https://infosec.exchange/@magoo/...

Wrote about risk communication: Talking about risk with thresholds.

Feedback welcome, thanks!

magoo.medium.com/talking-about

20.3.2023 21:04
https://infosec.exchange/@magoo/...

So in late November, a panel of 26 of us ended up forecasting a 76% chance that Twitter would have an outage by Jan 30, which happened. Wrote about it here: magoo.github.io/risk-measureme

Condition #1 easily passed - several newspapers of record called it a widespread outage.
Condition #2 passes, though, DownDetector being the "measurement" that the newspapers cited just barely passes the rules as written.
Condition #3 was easy - could not read or write tweets.

The rules were written to capture a real gnarly outage, and this one sorta squeaked by right over the bar.

In the future, we might be able to use panels like this for more objective measurements of downtime: deadbird.singlepane.io/d/hI9vr

Thanks to all the 🍕 panelists who participated!

17.1.2023 22:40
https://infosec.exchange/@magoo/...

CircleCI breach retrospective w/ IOCs and TTPs

Quick TLDR:

1. Malware on eng laptop
2. Stole active SSO session for a remote session
4. Generated production access tokens
5. Exfil'd customer ENVs, tokens, keys.
6. CircleCI encryption keys exfil'd too.

circleci.com/blog/jan-4-2023-i

14.1.2023 01:37
https://infosec.exchange/@magoo/...

twitter.com/badthingsdaily/sta

5.1.2023 09:29 https://twitter.com/badthingsdaily/status/836984397819596800?s=46&t=q_r6Az5bsCeaI74Rz7rlJg
https://infosec.exchange/@magoo/...

Circle CI compromised.

Yes, it’s exactly like the tabletop scenario. Rotate secrets immediately.

circleci.com/blog/january-4-20

5.1.2023 03:48
https://infosec.exchange/@magoo/...

Do you find @badthingsdaily useful?

Is it funny? Inspiring? Does it prompt risk conversations at work? Tell me how you use it, I want to know!

I'm thinking about moving it to Mastodon in the new year and want some feedback on what you like about it.

twitter.com/badthingsdaily

14.12.2022 20:48
https://infosec.exchange/@magoo/...

I wrote a comprehensive retrospective on the events at Uber leading to USA v. Sullivan. Regardless of your opinions of guilt, this should help give you some perspective and context into the incident response process that led to the case.

magoo.medium.com/a-blameless-p

Happy to take corrections or feedback throughout the day. Thanks, I hope it's useful for you.

8.12.2022 17:35
https://infosec.exchange/@magoo/...

OK Mastodon!

Lots of speculation about an inevitable severe Twitter outage everywhere.

So, what % odds would you put on one happening at Twitter between now and January 30?

That's what myself and 25 others sought to gather over the weekend. The panel we put together forecasted a 72.8% belief it would happen. A chart with the spread of forecasts is attached.

We made the bar to define "severe outage" pretty high and would need to include all of the following caveats (attached in pic, or in link).

We'll track and judge the forecast here: magoo.github.io/risk-measureme

We'll see how wrong we are in January! 🎉

21.11.2022 17:59
https://infosec.exchange/@magoo/...

A group of us are organizing a forecast about Twitter stability with a closing date of tomorrow night.

If you have any thoughts or opinions on whether Twitter will suffer a severe outage between now and Jan 30, please share them with us!

19.11.2022 21:07
https://infosec.exchange/@magoo/...

Analysis of Eli Lilly Stock impact after the recent Twitter impersonation
medium.com/@mrichard91/do-fake

12.11.2022 19:52
https://infosec.exchange/@magoo/...

This Reuters exclusive on FTX smells maybe like a breach of internal tooling, or some other situations. If so, exfil is happening as I type.

Maybe:

- An insider who believes they're a creditor, securing funds
- Poorly communicated insider consolidating funds away from wallet infrastructure and into custody before bankruptcy proceedings.
- Struggle between attacker / custodial movements

Funds are consolidating on a multisig wallet as I type, which is uncommon and weird if this is a theft, but I guess not impossible?

Whole thing is strange.

reuters.com/markets/currencies

twitter.com/The_C_Hewitt/statu

12.11.2022 05:11
https://infosec.exchange/@magoo/...

Since I'm new here, here's some stuff about me.

I was previously a Director of Security at Facebook and Coinbase.

My background is mostly around incident response, product security & integrity, and some other research areas. Today, I do a bunch of solo consulting and advisory work and am happy with it.

I'm currently proud of my writing on Starting Up Security (scrty.io). I've spent an enormous amount of time putting it together and it's free. Maybe you'll find it useful.

I know that a lot of us suddenly get thrown into a broad leadership role from a technical one (that's what happened to me too) and it can be a lot to figure out.

Starting Up Security benefits from feedback and I modify essays when good points are made. Please comment, DM me any thoughts, or submit something anonymously here:
docs.google.com/forms/d/e/1FAI

👍

10.11.2022 22:54
https://infosec.exchange/@magoo/...

Well, let's see how this goes I guess! Are any of you using private Mastodon servers and finding that more useful than keeping your identity on this one?

10.11.2022 21:15
https://infosec.exchange/@magoo/...