I'm a dog and how did I get here. If I wasn't a dog my opinions are my own and not my employers.

Joined January 2022
I increasingly feel like the vast majority of CyberSecurity issues stem from poor governance and management of existing technologies. You can do a lot if you have the culture to tighten controls and enforce least privilege. #riskmanagement #CISSP #CyberSecurity
7
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
31 Aug 2024
Remember the days when things were much easier for sysadmins? @techspence dsquery user -inactive 7 Compare this to the madness of Graph PowerShell to do the same thing 🤦‍♂️
Replying to @merill
Tagging you @alexseigler as this long post won't show up in Notifications ;) This should be a little more optimized than my first post: Get-MgBetaUser -All:$true -Property SignInActivity,UserPrincipalName -Filter ("(signInActivity/lastSuccessfulSignInDateTime le {0}) or signInActivity/lastNonInteractiveSignInDateTime le {0}" -f(Get-Date (Get-Date).AddDays($(0 - 90)) -UFormat %Y-%m-%dT00:00:00Z)) | Select-Object UserPrincipalName,@{label="LastSuccessfulSignInDateTime";expression={$_.SignInActivity.LastSuccessfulSignInDateTime}},@{label="LastNonInteractiveSignInDateTime";expression={$_.SignInActivity.LastNonInteractiveSignInDateTime}} | Where-Object { $_.LastSuccessfulSignInDateTime -lt (Get-Date).AddDays(-90) -and $_.LastNonInteractiveSignInDateTime -lt (Get-Date).AddDays(-90) }
3
9
48
6,539
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
28 Jun 2024
ChatGPT has 180,500,000 users. But most of them are stuck in beginner mode. Here's the ultimate cheat sheet to use chatGPT like a pro:
45
204
1,338
1,738,551
I've been saying this for years. As a former consultant, companies get the security they deserve.
"For security reasons, we will be sending your username and password in separate emails" This is absolute clown show security theater. Know what? We (as an industry) get the security outcomes we deserve.
2
83
I just put in my two weeks' notice today. Goddamn it feels good. I don't think I'll ever return to the financial sector again. It's not all companies and people but there is a higher-than-average amount of people devoid of ethics or morals in the financial sector. #CyberSecurity
1
71
I've heard a lot of complaints around using MITRE coverage as a metric to measure the coverage of your cybersecurity program. Honestly though, what would you do in lieu of a metric like that? I've yet to hear a better idea. #MITRE, #CyberSecurity #Security, #CTI
2
70
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
Hot Take Friday: Cyberinsurance will be useless to large enterprises and not worth the cost in under a few years. Much wiser to put a large amount of funds into a self-investment vehicle and self-insure your own organization.
13
8
58
6,816
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
Personally, I think this is great news Yes, it's going to be rough. Yes, you are going to get calls from your marketing department who set up services without telling you. I don't care. I'm tired of bad vendors that can't figure out DKIM and the general state of email security.
25 Jan 2024
Beginning February 1st, any email you send to Gmail or Yahoo must have SPF and DKIM. Failure to do so may result in delivery delays. Then in April, a % of emails will begin to be rejected. If you send > 5,000 emails then you must have a DMARC Record. sendgrid.com/en-us/blog/gmai…
9
14
196
26,536
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
The attackers were very sophisticated. They were drinking expensive wine and listening to classical music while they exfiltrated the data.
19
152
884
83,804
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
^my first time using in-line media in a tweet (𝕏?) still seems like a hidden feature that people only know about if they follow rapid dev updates from @engineering/@elonmusk
1
2
32
6,524
I've been using Abnormal Securities' email security product. Pretty good honestly. I have no real complaints other than the lack of ability to tune junk mail beyond a whitelist. #emailsecurity
4
100
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
7
64
459
37,914
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
I use these ALL the time. Pros rarely memorize the commands... but they sure do know where to look up the answers! Remember, life is so much easier when you have the answer key. These cheat sheets are like having the best coaches at your side at all times.
For all of you technical security geeks / nerds out there, did you know that SANS has over 50 free technical cheat-sheets you can use as a reference? No matter which tech, tool or OS you are using, we have you covered. sans.org/blog/the-ultimate-l…
5
25
121
16,072
#WAF #OWASP #appsec You shouldn't buy or implement a WAF if you haven't loaded up Dirb/Nmap/Burp/Zap and understood your attack surface and web infrastructure. A WAF will not fix legacy apps without understanding the app first. #OWASP #CRS
It doesn't matter what WAF you buy. Cloudflare, F5, Fastly, Imperva, whatever it doesn't matter. What DOES matter is understanding your attack surface (containers, servers, web frameworks), risks (what data/databases are in-scope) and vulnerabilities.
1
124
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
Oh this is neat.
Feeling overwhelmed by a project? Don't know where to start? We've all been there. To help get you started, check out goblin.tools/
1
3
8
2,157
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
If you have a tight budget and want to become an ethical hacker, we've compiled all the free (or very cheap) resources you need for your journey. You can check out all of the wonderful resources here: youtu.be/e82g80Kzg4k

4
104
336
50,402
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
Is it sheer coincidence that #OWASP released the Top 10 #API vulnerabilities for 2023 this week and I’m explaining them in my first episode? Here’s a sneak peek of API Kitchen’s first episode premiering tomorrow. Take a front row seat by subscribing to my channel youtube.com/@SisiNerdTV #cybersecurity
6
45
139
8,295
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
Thankful Thursday One of the very best Unix admins I ever knew was Gus. Though he reached init 0 years ago -- his way of talking about mortality. He's someone I will think about and draw inspiration from periodically. Tribute thread 1
2
18
118
29,083
You aren't Gartner's customer, Cisco, Palo Alto etc are.
Them: what do you think about $tool? me: it's exceedingly dated one of the most expensive options in the class... I've been advocating folks migrate away from it for almost a decade at this point. T: but... it's really high on the Magic Quadrant M: (sighs) I have some bad news...
3
115
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
Replying to @cyb3rops @nas_bench
Ahh yes, LinkedIn, where people reshare things they didn't create to impress recruiters nobody likes to get interviews for jobs nobody wants
2
3
19
5,602
OneFishTwoFishRedFishYouPhish (parody sec dog) retweeted
29 May 2023
Super excited to chair the SANS Institute AI Summit! The agenda has been released and looking forward to this event next week on May 31! Come join! SANS AI Summit - MAY 31
1
6
15
4,033