@dzag_ profile picture
Dmitry Z @dzag_
Joined June 2018
  • Tweets 777
  • Following 423
  • Followers 189
161 Photos and videos
Dmitry Z@dzag_
10 Aug 2024
I guess I'll crawl down this rickety hallway #defcon32
A sign indicating no stopping or standing in a hallway.

ALT A sign indicating no stopping or standing in a hallway.
61
Dmitry Z@dzag_
3 Dec 2022
The most celebratory error message I've seen.
0:05
Dmitry Z@dzag_
27 Nov 2022
Boarding a plane to Las Vegas and 90% of the people are going to AWS Reinvent. Talking to strangers is way easier when you know the commonalities. Lots of random conversations.
Dmitry Z@dzag_
13 Oct 2022
I got what has to be one of the best fraudelent emails in a while on a personal account today. I'm impressed because it transcends definitions. It's technically not a phish, it's a legit Paypal notification. Abuse of PayPal's request money feature I guess?
Screenshot of fraudelent email from paypal. It is a legitimate paypal notification of a pending invoice, but the fraudster crafted the request to make it look like Paypal is sending a fraud warning and I should contact them to cancel the transaction and claim a refund.

ALT Screenshot of fraudelent email from paypal. It is a legitimate paypal notification of a pending invoice, but the fraudster crafted the request to make it look like Paypal is sending a fraud warning and I should contact them to cancel the transaction and claim a refund.

1
1
Dmitry Z@dzag_
2 Sep 2022
I'm surprised @Amtrak hasn't made a tiktok "it's corn" video for trains yet. "And when I tried it with butter, everything changed" should definitely be a shot of the new acela.
Amtrak
@Amtrak
1 Sep 2022
trains
I've been working on a talk tentatively titled "Myths and Lies in InfoSec" Some of the research I'll be referencing in the talk was inspired by one particular stat: "60% of small businesses go out of business within 6 months of a data breach" How do we know a stat is fake? 🧵⏲️
Brett Callow@BrettCallow
31 Jul 2022
Anybody know where this iffy stat came from? I’ve seen it attributed to several organizations, but its actual origin remains murky.
12
25
127
Dmitry Z@dzag_
25 Jul 2022
First day as a Security Architect at Federal Home Loan Bank of Boston done. Great team, great place. Commute less stressful than expected. Day 2&3? I get to go to AWS re:Inforce. How cool is that?
1
4
Dmitry Z@dzag_
25 Jul 2022
I'm not one to celebrate things early, so I wasn't shouting it from the rooftops before. But it feels real now. I'm going to get to do the things I want to be doing in the kind of environment where I can once again make a difference. My job is to build "awesome".
1
2
Dmitry Z retweeted
Lea S@_leisures
22 Jul 2022
I honestly cannot remember the last time I did a job search. I was extremely lucky in that most of the time I just interviewed and got the role. I was not at all prepared for the utter slog of a search I was about to do. Best piece of advice - it's a marathon not a sprint. (2/n)
1
1
3
Dmitry Z retweeted
Lea S@_leisures
22 Jul 2022
I've put off writing this thread, but figured I should share my experience job hunting from late last year which bled into early this year. If you are curious about my background you can look at my LinkedIn, but I honestly went in totally naive. #infosec #womenintech
3
2
15
Dmitry Z@dzag_
22 Jul 2022
Today I close one chapter and prepare to open another. It's my last day after 11 years at my current company. On Monday I start a new adventure that promises to be everything I have been working towards. It's crazy, scary, and exciting.
2
6
Dmitry Z@dzag_
19 Jul 2022
Doing knowledge transfer has started to feel like playing a greatest hits album. One time, I added an appendix akin to intro to cryptanalysis and then threw in "age of the universe" stuff for good measure.
Dmitry Z@dzag_
14 Jul 2022
In the days since I gave notice at my job, my time usage has been unexpected. I feel like it's been: 10% explaining my new job 10% doing daily stuff 30% offloading/transitioning knowledge 50% being the person everyone vents their frustrations to.

ALT Go On Go On GIF
2
Dmitry Z@dzag_
7 Jul 2022
Has anyone poked around M365 Outlook profile cards? There's a section called 'Works With' and it's entirely based on who you interact with and not the org chart. Seems like a gold mine for a compromised account to pivot around. Doesn't look easy to disable if you value privacy.
Dmitry Z@dzag_
30 Jun 2022
In IT chat... Helpdesk: can someone disable antivirus on [computer]? I need to reproduce with a user. There's obviously a typo there, but I'm too busy giggling to understand where.
1
Dmitry Z@dzag_
15 Jun 2022
I appear to have forgotten how to think in SQL and now I am only intuitively thinking in SPL. I literally pumped table data into Splunk because it was easier for me to analyze than in a database. Not sure if this is a success or failure.
Dmitry Z@dzag_
10 Jun 2022
This is why poorly conceived phishing tests are dangerous. It's the modern day boy who cried wolf. You send one fake message from HR and suddenly no one opens emails from HR anymore.
🍑y✨@ki_bydesign
9 Jun 2022
Replying to @ki_bydesign
Email looked legit and sent an ADP LINK so moving forward I will just ignore all emails and problem solved
1
Dmitry Z@dzag_
9 Jun 2022
Yesterday I had to reassure a new employee that they were not getting in trouble for having a web filter block message in their browser. A- what kind dystopia was their last job? B- we should probably insert more calming language in those messages by default.
1
Dmitry Z@dzag_
17 May 2022
I love reading pen test reports with reverse Checkov's guns. (Not) You recommend we do X? Objection, your honor. Facts not in evidence. Where in the report did you do something to test that? Show me how you know instead of just throwing some extra best practices in.
1
1
Dmitry Z@dzag_
16 May 2022
I had an obscure question that Google wasn't helping with today... So I went and read the original RFC document and it totally answered it. If you've ever been scared of reading those, don't be. They're usually pretty good.
1
Load more