Attending #FIRSTCON25?
Hiring for remote security roles that are unique, flexible, and interesting?
Hit me up… I'll be here all week 👋

Prioritize your scripts and detections. If you're not a Microsoft shop, do you care about sqlcmd.exe execution?

#FIRSTCON25

"Be careful you don't overfit detection logic"

Creating a rule that only detects the test case. This brings up memories of rules that used to detect script injection by looking for "<script>" but then failed to detect simple variants like "<scr'+'ipt>".

#FIRSTCON25

The "Trough or Disillusionment" #FIRSTCON25

Mapping Atomic Red Team Tests & Rules — Some techniques align, many don't.

H/T @stonerpsu

"Prevention will fail somehow somewhere. My goal is to ensure detections are always in place and usable."

#FIRSTCON25

Accepting that we're all open to bias is the biggest challenge.

Simply being aware of bias doesn't mean that we're immune, and accepting that bias isn't just something that others are vulnerable to is critical.

#FIRSTCON25

Another interesting read — "Normalization of deviance"

"Normalization of deviance is a concept that describes the gradual process by which a behavior or practice that deviates from the established norm or standard becomes accepted as the new normal, especially within an organization."

Example: Challenger disaster

#FIRSTCON25

First time hearing about the Abilene paradox. Very interesting 🤔

"The Abilene Paradox describes a situation where a group of people collectively decides on a course of action that is counter to the preferences of most, if not all, of the individuals in the group."

#FIRSTCON25

Kick-starting #FIRSTCON25 with a deep dive into bias in forensics and incident response.

@krypt3ia What they lack in size, they make up for in violence

@krypt3ia Space dog is unhappy

@kimlockhartga

Maybe useful https://en.m.wikipedia.org/wiki/Handkerchief_code just in case 🤣

What happens when a major city suffers a data breach and the world is watching? #FIRSTCON25 speaker Matias Mesiä (NCSC-FI) shares insights from the 2024 Helsinki incident with the #FIRSTImpressions Podcast. 🚨 https://media.first.org/podcasts/FIRST_Impressions-MMesia.mp3 🔗

@Viss We should all feel free to suck at things extensively in personal and professional life… I hope we both have a chance.

@Viss You're right!!! I've sucked at this for long enough. I deserve to suck at something new for a while 🤷‍♂️

Be dirty

#ObliqueStrategies

Hungarian police ban Budapest's Pride march, but its mayor vows to hold it anyway.

Hungarian police on Thursday banned the country's main Pride march from taking place in Budapest on 28 June, citing a law against the promotion of homosexuality to minors.

The capital's mayor Gergely Karácsony vowed to hold it despite the interdiction.

https://mediafaro.org/article/20250619-hungarian-police-ban-budapests-pride-march-but-its-mayor-vows-to-hold-it-anyway?mf_channel=mastodon&action=forward

#Hungary #Pride #Budapest #LGBTQ #GergelyKaracsony

@mattblaze It's only bullshit if it comes from the DC area of the US… otherwise it's just sparkling bovine poop 💩