James is next level genius - and with Lee Holmes as a tech reviewer you know this book is on point! Buy it! It has been a joy to partner with James - and to be included in a mention with former MSRC greats such as Katie🌻Moussouris (she/her) and 🇺🇦 Nate Warfield | n0x08.bsky.social🌻 is an absolute honor. Nic Fillingham 🇦🇺🇺🇸 Security Response

m.soundcloud.com/n0x08/swolfath…

You know it’s a good day when I’m on the GreyNoise podcast in the AM, hit 30k lbs on leg day & still gotta drop the boom for a workout mix after dinner.

We don’t skip leg day 🤘

I haven’t been this stoked for a podcast appearance in a long time, see y’all tomorrow morning 🤘

I've been using GreyNoise since it was literally Andrew Morris writing me query functionality to use against a JSON endpoint and I'm looking forward to hanging out with the crew he's assembled over the years tomorrow morning!

🇺🇦 Nate Warfield | n0x08.bsky.social🌻 Check out the full article here: eclypsium.com/blog/flatlined…

My co-worker Nate Warfield (🇺🇦 Nate Warfield | n0x08.bsky.social🌻) analyzed an Ivanti firmware image. Some findings include old software (like an 8-year-old kernel) and ways to bypass integrity checking.

eclypsium.com/blog/flatlined… - I took apart the firmware of a Pulse Secure device and their integrity checking tool and the results weren’t great.

github.com/n0x08/Conferen… - Slides from my HackCon Norway talk are available on my GitHub.

hackcon.org/he-who-control…

I’m starting the 2024 conference circuit with HackCon Norway - I’m excited to meet InfoSec practitioners from one of my bucket list countries & elevate the defensive knowledge of folks who attend.

It seems that the core investigative method here is “if two people worked on something together “anywhere” then all the organizations they belong to must be colluding.”

Trust groups contain many people from many organizations. Im in several trust groups with volunteers from all…

Hey Elon Musk yesterday I asked if you could amplify the other side - you know free and balanced speech and all?

Remember when we hacked your Model S in 2013 & 2015? Remember how you asked us not to share until patches ready & you could share your side?
cti-league.com/statement-by-m…

So Elon Musk you tweeted the other side of this conversation. Will you now in the interests of free speech retweet the other side?

cti-league.com/statement-by-m…

It is important that we talk about government boundaries and ensure our rights are protected. However must make sure this conversation is bi-partisan, balanced and constructive. We must also make sure we don’t tear down our national defenses in the process. 5/5

We have no “cyber 9-1-1” in this country. There is no one to call when you face a cybersecurity attack if you don’t have the money for private incident response. Volunteering to protect our fellow citizens is a national institution in this great country. 4/5

Skilled cybersecurity workers volunteering to support these institutions makes a huge difference even if some feel the work we do is already available elsewhere. The simple fact is many organizations sit below the cybersecurity poverty line and need support. 3/5

The CTI League did not engage in censorship, it is focused on protecting the health sector. Despite testimony to congress that it is ridiculous billion dollar hospitals need help the hard truth is they do. At least one major hospital per week is hot by a ransomware incident.…

I have released a statement about our work in the CTI League. Yesterday I provided this and additional material as testimony to congress. Today we have made our github public and opened up all our files.
cti-league.com/statement-by-m…
Details are in this statement. 1/5

I'm honored to have played a small part in this series of shirts from my favorite clothing company. After 5yrs rocking their threads on ever stage we collab'd on this line. They are hands down the most comfortable shirts you'll ever wear, and the art ... well .... look at it!

Cyberattack against Johnson Controls sparks downstream concerns | Cybersecurity Dive 🇺🇦 Nate Warfield | n0x08.bsky.social🌻 warned us about this in his talk Graylog GO yesterday! cybersecuritydive.com/news/johnson-c…