
Jake Williams
@MalwareJake
Followers: 142K | Following: 47K | Media: 13K | Statuses: 102K
Breaker of software | VP R&D @hunterstrategy | CTI/DFIR | @ians_security faculty | Bookings: jake at malwarejake dot com | GSE #150 | He/him
Odenton, MD
Joined September 2009
Let's not mince words:
* If you don't support trans people, you're a bad human
* If you have to add caveats to your support (e.g. "as long as my kids don't see"), you're one of the worst kinds of human
* Trans deserve your *unconditional* support for their humanity
That LinkedIn post is one of the all time dumbest marketing pitches I've ever seen for security services. First degree clownery.
It’s difficult not to be rude when people post nonsense like this…. But seriously our industry looks like a clown show when we let anyone and everyone: Lie Get awards Go on tv When they have little to no experience in the subject. When they are clearly not experts in the
Anyone criticizing @HuntressLabs for publishing unique research into first-hand observation of threat actor TTPs is telling on themselves. They're either charlatans or have an axe to grind. Either way, block them and move on (follow @0xTib3rius while you're at it though).
For anyone following along, @HuntressLabs released a statement regarding their blog post that published data from the machine of a user who turned out to be a Threat Actor. Also worth pointing out that there was no PII released (to my knowledge) and many of the screenshots were
I love Hannah Fry’s video about this (tech bros used UV-C light at a party and sunburned their corneas). 😂 https://t.co/mcK5BTZN18
Great talk at #BlueTeamCon 👌🏻
The slides from my @BlueTeamCon keynote this morning are posted here. It's unfortunately not recorded, but if this is the sort of thing your org would benefit from privately, reach out and we'll talk. https://t.co/6DMkzVgpCe
github.com
Conference presentations. Contribute to malwarejake-public/conference-presentations development by creating an account on GitHub.
.@MalwareJake and I have thoughts...
How did this AI slop get a talk at the main track @ DEFCON????????? https://t.co/uN5KrfiBg7
She's a 10, But she's a CONTI operator.
After all the hype, I cannot believe how objectively bad GPT-5 is. In my experience, it is an objective step backwards in most tasks. It's pretty clear why OpenAI repeatedly delayed shipping it. Calling it now: OpenAI is toast.
Far more important than any security awareness exercise is that employees continue trusting the company. If you erode any employee trust during a phishing exercise, you've done more damage than skipping the phishing exercise entirely.
There is no evidence that phishing simulations make your organization more secure. The vendors providing these services at scale wouldn't shut up about this if their data supported it. You can easily conclude it doesn't...
I am yet to ever talk to a client who uses Cisco ACI that would recommend it to a friend (many wouldn't recommend it to an enemy). It floors me that it's still a product at all when alternatives exist in the space. It is ANYTHING BUT simple...
Do you guys remember that Reddit post about installing network equipment in your home for $250/month? Some people argued it's legitimate. I said it's probably state-sponsored from North Korea. I was wrong. It was Belarus. DON'T INSTALL RANDOM SHIT IN YOUR HOUSE
New research Tuesday: How is a Belarus company convincing US military personnel to install network devices in their homes? Our investigation into DSLRoot reveals Americans are unknowingly helping foreign actors build proxy infrastructure on US soil.
One of the reasons I think security is in for a protracted downturn is the decades of spending... And most orgs only have brittle defenses to show for it. Everything has a bypass, but few security pros believe it.
It's always difficult to explain to victims why their EDR didn't stop ransomware from detonating. Most frustrating is when they're just sure "tamper protection" would stop a kernel mode EDR killer. https://t.co/1A2uZMrdP1
I cannot emphasize enough: "Stopping ransomware attacks, 'the kind that disable EDR before doing anything else, means having controls that work even when endpoint telemetry is gone,'" You need to design your controls assuming there is no EDR and *any* creds can be compromised.
theregister.com
: Some custom malware, some legit software tools
🚨 ONLY 1 DAY TO GO! 🚨 The difference between panic and precision comes down to process - and in this webinar you’ll learn it from the best. Join @MalwareJake and Ibrahim Ahmed tomorrow for a LIVE webinar: Going from “Be Afraid” to “Actionable Hunt” Starts at 2:30PM ET
WE WON!!! Best. DEFCON. Ever. Thank you to @lintile for pushing through. Thanks to the whole crew for making it all work. Thanks to @MalwareJake and Pandamonium and Only LANS for being awesome competitors tonight!
Join the EFF Benefit Poker Tournament at DEF CON 32 with special emcee @lintile and celeb guests @MalwareJake @deviantollam!
eff.org
The EFF Benefit Poker Tournament is back for DEF CON 33! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for
Check out our amazing keynote speakers at @MalwareVillage @DEFCON 33! 🎤 Day 1 Keynote: “Break Systems, Not Promises: I Promised to do a Keynote at DEF CON” by Lena Yu aka @LambdaMamba Day 2 Keynote: “I can’t RE (and You Can Too!)” by @J0hnnyXm4s