May 28
The wins of infosec as a field are under-discussed; what else goes on this list? libber.org/society_level_inf…

Apr 27
Golden opportunity to convert this vulnpocalypse hype into properly funding vuln mgmt (the least exciting, often most lacking part of a security program). This is our chance as an industry!
9 May 2025
An excellent writeup of what makes data "sensitive" and what that means for security and privacy strategicsec.substack.com/p/…

19 Mar 2025
The differences between performing privacy and security work in a big company for my fellow computer security people. collingreene.com/security_an… I'm still newer to privacy work so this is my "most likely to be wrong" writeup, feedback welcome

18 Dec 2024
Compliance is different from security: collingreene.com/compliance.…

2 Sep 2022
Thoughts on how to maximize success as an infosec team that needs to roll out changes people may not like - collingreene.com/communicati…

1 Sep 2022
Shift left in 60 seconds - libber.org/shift_left_in_60_… I've had success with shift left as a central strategy of infosec teams for the last n years and attempted a tl;dr of it without marketing fluff

20 Jul 2022
1/ We just published our first Bug Bulletin, the spot where we aim to share cool bugs we found in our own and external code, and how we found them engineering.fb.com/2022/07/2… 🧵
20 Jul 2022
2/ Our first report includes cool bugs found by our Red Team X, Bug Bounty team and ProdSec. I’m excited to see our teams’ work out there and shared with the security community. I am also happy to see cool work by our #BugBounty researchers shared cc @samm0uda @phwd_
20 Jul 2022
3/ Our goal with these is to celebrate bug hunting and share our lessons with the larger security community. This is our 1st Bug Bulletin and we welcome feedback on how we can make it more useful and informative.
22 Nov 2021
Infosec celebrated at a college football game, a first? @nudehaberdasher where is the cruise pitt collab? :)
So the coolest thing happened today. @UofMaryland invited my students Kevin Bock, Kyle Hurley, and me onto the field for winning the @USENIXSecurity / Facebook Internet Defense Prize!
5 Oct 2021
Outages won't stop facebook awarding money to good security work, here are this year's 3 winners of the internet defense prize: usenix.org/blog/facebook-and…

collin retweeted
I'll be presenting "Teaching an old dog new tricks: Reusing security tools in novel domains" at #Enigma2022 in Santa Clara, February 1–3, 2022. It provides case studies of how security tools like Pysa have been used in non-security applications at Facebook bit.ly/enigma2022
29 Sep 2021
Open sourcing our 3rd and most recent homegrown static analysis, this time for mobile/java: engineering.fb.com/2021/09/2…

9 Jul 2021
Two folks on the Facebook product security team are presenting on our language-spanning security static analysis work. blackhat.com/us-21/briefings… We are always hiring, SEA, MPK, NYC, LON: facebook.com/careers/v2/jobs…

24 Apr 2021
Be well @dakami, RIP. One of the purest humans I've ever met. You embodied the best of [hacking, curiosity, fellowship]. The vista pentest summer was one of the best of my life. Even as you mercilessly crushed us at streetfighter2 literally one-handed x.com/dakami/status/12140132…

6 Jan 2020
Replying to @dakami
This thread is absolutely a love letter to everything I’ve treasured, being an Infosec nerd. A *lot* of people were kinder than they had to be. I’m proud to say I did everything I knew to return the favor, and not ashamed to admit I didn’t always know how. But I can document :)
collin retweeted
For those attending @pycon (it's too late to sign up!), check out the talk @the_st0rm and I are giving on the myriad of APIs that can enable remote code execution in Python: us.pycon.org/2021/schedule/p… These examples were originally compiled as a part of our work on Pysa.

19 Nov 2020
wired.com/story/facebook-mes… A decade of facebook bug bounty. 130,000 reports, 6,900 valid, 11.7 million paid out. An incredible team of folks lead this program now - it started in a basement and with us taking weekly trips to western union to send money orders to fulfill bounties.
9 Oct 2020
Two improvements to the Facebook bug bounty: HackerPlus our loyalty program (facebook.com/BugBounty/posts…) and Facebook Bug Description Language (FBDL, facebook.com/BugBounty/posts…) a way to represent the repro of a bug for ease of understanding and increased payouts.
