Joined August 2013
Timothy D. Morgan retweeted
#DeepSurface is thrilled to announce our new Integration Partnership with Lansweeper! Together we are pushing the boundaries of visibility– giving you a complete view of your assets AND where your #cybersecurity risk really exists. 1/2 🧵
And this is why I have such a hard time helping newcomers to the field... Thanks for putting it in a nutshell @halvarflake.
21 Aug 2022
Wow, @halvarflake managed to capture the security "old-timer" experience in three succinct bullet points.
Timothy D. Morgan retweeted
Coming up next on #DRNewsDesk Tim Morgan @DeepSurfaceSec @ecbftw on DeepSurface Adds Risk-Based Approach to Vulnerability Management darkreading.com/DRNewsDesk #bhusa

Timothy D. Morgan retweeted
29 Jun 2022
As mentioned in the blog post, the technique is from @ecbftw in 2013. The old is new again. 2013.appsecusa.org/2013/wp-c…

Timothy D. Morgan retweeted
Check out a recent finding by one of our own, Naveen Sunkavally. CVE-2022-28219 is an unauth RCE for ManageEngine ADAudit Plus. This XXE -> Deserialization chain often leads to host compromise as well as priv'd AD creds. Check out the blog post and POC: horizon3.ai/red-team-blog-cv…

Was a fun interview. With that said, these interviews allow for only so much depth in the answers, so I'm curious to know others' thoughts on some of the questions they asked. What are your experiences with the limits of CVSS TI? Reporting to boards?
How is risk-based vulnerability management like the weather report? tinyurl.com/2p87r7c7
Timothy D. Morgan retweeted
OWASP's example implementation of check_private_ip() is quite naive. It can be bypassed with 0x7f.0.0.1 #SSRF cheatsheetseries.owasp.org/c…

Timothy D. Morgan retweeted
We’re thrilled to announce our latest $4.5 million #seedfunding. Learn how we’re accelerating product development of our award-winning #vulnerability and risk management platform today #cybersecurity #automation bit.ly/3so2XO5

Timothy D. Morgan retweeted
1 Jan 2022
It’s 2022, and the fix is still “disable the anti malware agent”. Don’t ever change, infosec/AV industry.
Timothy D. Morgan retweeted
#Log4J Worm is ITW. @vxunderground has a sample of the self-propagating worm using log4j as a vector. It installs a Mirai bot, which makes sense for targeting embedded Linux devices. Looks like it uses user-agent for exploitation and modifies the binary before sending (?)
Timothy D. Morgan retweeted
TIL that http://unix:/var/run/docker.sock:/containers/json is a valid URL for got, the "Human-friendly and powerful HTTP request library for Node.js" 🤯
Sometimes it's all about the details and this release has some really well thought-through components.
Announcing DeepSurface Version 2.7! Check out our new dashboard customization, richer reporting, and look for us in the Azure Marketplace! deepsurface.com/deepsurface-…