@boblord said some pretty impactful things today at VulnCon. One of the things I'm taking to heart, and would ask of the rest of the community was "We should be increasingly intolerant of [unforgivable vulnerabilities]". To me, that means we need to call out and stop consuming products of companies who don't invest in their vulnerability management (or security in general). If a company has a product with a vuln that shouldn't exist this day in age, we need to stop empowering them with our dollars and start bringing awareness to how dangerous their products are for the entire world.

@coleens_ Got a friend with those and he swears by them. My adjustable weights are my coffee mugs, they get lighter with ever lift :P

@jerry Pro-tip. If you ever get triple-booked, you can safely ignore all three meetings. Who's going to know that you aren't in one of the other two? ;)

RIP Steve Katz :(

I'm sorry, did you forget the last 200 years of technological progress advancing productivity yet leading us to work even longer hours? If we want to work less, we need unions, not tech.

Project management simplified. You may thank me later.

@ChickenPwny I've gotten lazy... now I let ai do the boring bits of coding for me... I also think in the future I'll move to ai stuff... but more accurately, it'll probably be me telling ai to do ai stuff :D

@armamix That's the year they added Jill Barad to their board completing M$'s transformation into a cash-grabbing powerhouse. She's an amazing business woman, and clearly makes companies profitable, but that's when I started spelling Micro$oft with a dollar sign. Bunch of other stuff happened that year to support the cash-grabbing. Coincidentally the same year I discovered Warez ;)

https://learn.microsoft.com/en-us/shows/history/history-of-microsoft-1996

Been playing with Beau Bullock's GraphRunner post-exploit tool in my org's Azure. Wow, what an amazing tool! Even with a low-priv user, the amount of data you can gather is pretty nuts. Beau's webcast is tomorrow, be there or be square. https://blackhillsinfosec.zoom.us/webinar/register/WN_6g9j6BqkQ0-2T49xO4ZHHA

@paco Just listened to Thank God I'm a Hacker Boy... well done!

@coleens_ You're pretty awesome when it comes to the networking stuff. I'm an amateur at best. Got like halfway through a CCNA course before changing jobs and never getting back to it. I've been on an NDR project for a bit and am slowly filling in gaps.

-puts on interviewer glasses-

If you had the ability to go back in time and give yourself advice on the subject, what would that look like? Are there any books or crash courses that you would recommend? Packet tracer or home lab for hands-on stuff? Or both?

A new DDoS (distributed denial of service) technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since August, breaking all previous records in magnitude.

https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/

I guess this happened? A flaw in HTTP/2 leaves us all pretty exposed to DDoS:

https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/

OK So I am truly humbled and honored that anyone thought I was deserving to be nominated let alone a finalist. Looks like voting is now through October 10th. My name included with a ton of great folks. #SANSDMA @SANSInstituteOfficial @thehackervalley

https://survey.sans.org/jfe/form/SV_3OA2pURJ7VU8d7g

@alyssam_infosec The best part of @BSidesRDU this year if you ask me. Likely because I was also an 80s/90s kid hanging out on IRC while the rest of the world were playing sportsball or whatever. Doing things... I mean, possibly doing things... wait, statute of limitations is waaaaay over... doing things that would definitely land me in prison today to get free internet. Disassembling my mom's VCR to see how it all worked and sweating bullets trying to remember how everything went back together as the clock ticked before she got home. The presentation really hit home.

Won this in a raffle during @InfoSecSherpa 's excellent presentation at @BSidesRDU . Thank you @crdotson, @InfoSecSherpa, and @BSidesRDU !

@alyssam_infosec just gave a truly inspiring talk at BSides RDU. I think I found my spirit human

1 damn point... Oh well, still tons of fun. Kudos to Saintrich. Well played friendo! Excellent class. SEC460 is a big ole recommend. Matt Toussain is a brilliant instructor.