Dave Luber
@NSA_CSDirector
Followers
34,422
Following
335
Media
188
Statuses
938
Director of Cybersecurity at @NSAgov . Follow @NSAcyber for unique, actionable, and timely cybersecurity guidance.
Fort Meade, MD
Joined June 2021
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Game 1
• 371885 Tweets
#LAMeetandGreetxENGLOT
• 199113 Tweets
River
• 135037 Tweets
Celtics
• 132539 Tweets
Pacers
• 116501 Tweets
Tatum
• 65794 Tweets
Temperley
• 46624 Tweets
O Vasco
• 40213 Tweets
Armani
• 38851 Tweets
Demichelis
• 36635 Tweets
Omar Geles
• 35541 Tweets
Fortaleza
• 30583 Tweets
#Aashirwad
• 23687 Tweets
Herrera
• 23171 Tweets
Haliburton
• 22339 Tweets
Jaylen Brown
• 21494 Tweets
中尾彬さん
• 16267 Tweets
VASCO DA GAMA
• 15512 Tweets
池波志乃
• 14919 Tweets
Jrue
• 14252 Tweets
Léo Jardim
• 12995 Tweets
Copa Argentina
• 12913 Tweets
Vegetti
• 12871 Tweets
Gallardo
• 12804 Tweets
Payet
• 12374 Tweets
Jアラート
• 11294 Tweets
Siakam
• 10145 Tweets
HOW CAN NSA REALLY BE SURE OF THE ATTRIBUTION? I MEAN ANYONE CAN THROW RUSSIAN MALWARE!
50
257
2K
I appreciate the
#infosec
community’s ability to find moments of levity during tough times. 😁 PS. It’s log-for-Jay.
47
248
2K
Holiday gift for you. Ghidra 11.0 released! New BSim feature can find structurally similar functions in (potentially large) collections of binaries or object files. Initial support for Rust compiled binaries. Golang improved. +more
36
342
1K
Today I am especially
#grateful
for everyone working 24/7 to keep us safe from cyber threats. Your dedication might mean missing the holiday with your family so we can spend
#Thanksgiving
with ours. Your sacrifice is appreciated!
35
163
1K
Former NSA or Intel community? Come on back! We now have a vacancy listing to fast track former employees back in. Check it out.
419
229
1K
Only 9% of the
#cybersecurity
workforce consists of Black Americans. As a result, there is a strong need to recruit and hire Black cybersecurity talent. Many organizations are willing to pay for training and certifications.
@TyranceIi
#ShareTheMicInCyber
(11/19)
46
323
1K
Ghidra 10.3 released. Come to the dark side! Dark themes officially supported. New training course materials for the Debugger. Initial Golang binary analysis for Go 1.18. Many more bugfixes and improvements.
22
276
962
I really believe that if your infrastructure can’t survive a user clicking a link, you are doomed. I’m the director of cybersecurity at NSA and you can definitely craft and email link I will click…
48
206
951
Super awkward. Got confronted by
@birdsarentreal
to stop the
@NSAgov
avian spying programs. Luckily Chris Krebs
@C_C_Krebs
was around to help.
55
124
936
Ghidra Version 10.1 released! *Remediates the Log4J vulnerability* Includes many new features/capabilities, performance improvements, bug fixes, and many pull-request contributions. Full what's new:
Release is here:
11
319
899
I'm excited to announce the new official account for
@NSAGov
's Cybersecurity Director! I'll share insights and information about what we are up to. Look forward to engaging with you.
42
129
879
One of my top priorities is hiring diverse talent in cybersecurity. Here are our top five openings - including entry-level jobs. Come join our amazing team!
35
214
758
@tarah
Use of signal is NOT a question nor a consideration for a clearance. Your mentee, like many in this thread, is over imagining the process. As has been stated, a lot of cleared folks use signal. We even recruit for people that understand why this is a good practice!
13
85
757
New minor release for Ghidra. Debugger improvements as well as bug fixes to the analyzer, C parsing, the decomplier, the gui and more.
13
172
724
Cybersecurity is a timeless game of cat and mouse. Attackers advance, defenders respond, and the chase continues. Stay agile, stay secure!
26
101
670
Curious about post-quantum cybersecurity? We recently updated NSA’s FAQ on the subject.
21
244
674
She’s a 10 **because** she uses Ghidra!
12
57
669
@IanColdwater
@likethecoins
NSA is hiring. Wide array of opportunities across cybersecuiry, capability development and SIGINT. Must get a clearance. This is an amazing stable opportunity if that is now a priority. Hit me up and I’ll get someone in touch to discuss and navigate the process.
55
114
634
NSA cybersecurity best practices do indeed recommend utilizing ad blocking. Read more from NSA on blocking unnecessary advertising here:
New: the online advertising ecosystem is so bad—with risk of hackers and harvesting data on people—that U.S. intelligence community has deployed network-based ad blockers, according to letter sent by Congress. Shows just how malicious online advertising is
16
367
673
8
278
620
We are getting better at sanitizing sensitive intelligence to enable cybersecurity. What we know is only useful if someone can use it.
26
102
586
Ok internet help me caption this photo with legendary status amongst my friends....
239
41
568
Got a naked laptop? Get a big NSA sticker for it. Guaranteed conversation starter!
Pick them up at the
@NSAGov
@NSACyber
booth on the RSA floor.
#WeAreHiring
62
40
516
@jabreity
@IanColdwater
@likethecoins
NSA is actually a place that embraces diversity. I’m definitely down with pink teddy bears. Basically, you do you.
14
27
490
The average CISO tenure is 18 to 24 months. It’s a hard job. Much of the stress is knowing what to do but not being given the resources to do it. Advocate for security.
39
132
477
Active exploitation Citrix devices underway by APT5.
@NSACyber
threat hunting guidance linked below to identify and remediate this activity. Update to the latest Citrix release, check for compromise, and let us know if you find anything.
10
236
473
Our ‘Living off the Land’ advisory provides important context on Chinese intrusions into critical infrastructure. You can’t rely on IOCs and malware detection. You need to focus on tradecraft.
18
143
458
For NSA there has been, and will be only one definition!
21
54
448
Releasing an exploit proof of concept is a hot debate. Some argue it’s educational, but it can also empower malicious actors. We see bulk exploitation rates explode after, but advanced compromises against key victims don’t change a lot. What’s your take?
100
68
437
#Ghidra
13.1 is out, including the addition of new training course materials for the Debugger. More contributions for the community!
6
132
428
#CVE
-2021-4034 in a system tool called Polkit has me concerned. Easy and reliable privilege escalation preinstalled on every major Linux distribution. Patch ASAP or use the simple chmod 0755 /usr/bin/pkexec mitigation. There are working POCs in the wild.
15
187
428
The log4j vulnerability is a significant threat for exploitation due to the widespread inclusion in software frameworks, even NSA’s GHIDRA. This is a case study in why the software bill of material (SBOM) concepts are so important to understand exposure.
33
212
416
Thanks to Rob Joyce for his exceptional leadership of
@NSACyber
over the last few years! I’m honored to take on this role as the new Director of Cybersecurity at NSA. Cyber is a team sport – I’m looking forward to working with partners across the community. - DPL
47
53
411
I really could begin and end the whole month with this post. Come on people. We know what we need to do…
18
97
394
In case you want to follow the CSD Director’s account:
22
28
373
Attackers will work to know your network better than you do. They will find shadow IT, misconfigurations, weak authentication and unpatched devices containing n-days. Discover and fix it before them.
#KnowledgeIsPower
#KnowledgeIsSecurity
18
101
360
Important
@CISAgov
alert: Malware inserted into widely used JavaScript library (npm package) AParser.js which reads information stored inside user-agent strings. Developers must update to patched versions: 0.7.30, 0.8.1, 1.0.1
5
258
349
Have you prepared for a DDOS attack? Consider the impact of outages and keep critical sites up using a deliberate mitigation plan.
12
61
347
Safe havens for cyber criminals creates disproportionate risk for all of us. Russian tolerance of ransomware actors is a scourge on of the victims.
74% of ransomware revenue goes to Russia-linked hackers:
20
199
340
We continue to remember the sacrifice of Navy CTIS Shannon M. Kent, five years ago today. She gave her life "serving in silence," while supporting Combined Joint Task Force - Operation Inherent Resolve in Syria Jan. 16, 2019. She was in an elite military intelligence unit. 1/2
14
58
326
We are seeing Chinese targeting of political, economic, military, educational orgs and more to access sensitive data. Our advisory provides mitigations for 50 common Chinese state-sponsored
#cyber
techniques. Review and take action!
We collaborated with
@CISAgov
&
@FBI
on our
#cybersecurity
advisory, detailing Chinese state-sponsored actor
#TTPs
used against U.S. and allied networks. For a thorough understanding of this cyberthreat, read our overview, observed TTPs & mitigations.
40
432
767
9
159
320
Proud to announce the launch of our first-ever NSA Cybersecurity Directorate (CSD) Summer Intern Program! Undergrad, grad, and doctoral students can apply today to experience our mission first-hand:
18
99
321
@RayRedacted
Attackers put in the time to know the network and the devices better than the defenders. That’s how they win.
14
108
318
Shipping insecure software and relying solely on patching is like launching a leaky ship and hoping to fix it at sea. Secure foundations save you from sinking.
#SecureByDesign
listen to
@CISAgov
29
65
316
Mandiant working with VMware to release info on Novel Malware Persistence Within ESXi Hypervisors. Active exploitation found. This is one to watch for the Defense Industrial Base and others with sensitive information targeted by nation states.
5
134
312
This is what my inbox looks like around the major cybersecurity conferences.
27
36
303
Ghidra 11.0.2 released. Bug fixes and minor improvements. Check out the "What's New" link for details.
8
93
296
In pursuit of free software through cracks and keygens? Beware, the price may be higher than anticipated. Warez are teeming with malware, ready to infiltrate your system. Be warned.
#MalwareMenace
36
57
295
I have a theory why industry collaboration has gotten easy over the years…
24
36
289
Russian government actors have used the Snake malware tool for years for intelligence collection. These technical details will help industry governments find and shut down the malware globally. Help us act!
35
97
284
You can learn from NSA’s experience working Red and Blue team engagements. Bad actors will look for easy opportunities to exploit vulnerabilities and compromise networks. Here are the top 10 cybersecurity misconfigurations we see:l along with
@CISAgov
16
89
282
Thrilled that Dave Luber takes the reins today as the new CSD Director! (this is the last NSA post from Rob J, so when the picture changes, don't think he's tweeting about himself. 😄)
38
31
287
Incident response toolkits can, and should, vary: IT response vs OT, endpoint vs network, cloud vs on-prem. What’s your must-have and go to capabilities?
14
47
274
Happy 5th birthday to our partners at
@CISAgov
!
The nation is more secure through your great work!
17
40
273
@vxunderground
@NSAGov
@ThomasJFlounder
Wasn’t going to use meme this b/c some on my team didn’t get it, but clearly you will appreciate!
Ironic that it is the same base picture I chose for this thread.
14
24
278
Huge thanks to
@PwnieAwards
for going out of the way to get
@NSAGov
our Pwnie! What an awesome honor!
11
37
268
Meme advisor
@Andrew___Morris
stops by to help understand the dark and dangerous corners of the internet.
9
18
264
Did you know? The
@birdsarentreal
movement isn’t just a quirky conspiracy theory. It’s a brilliant lesson in disinformation. Watch the TED Talk to see how it teaches us to question what we read online. Before you believe and share, apply critical thinking.
Super awkward. Got confronted by
@birdsarentreal
to stop the
@NSAgov
avian spying programs. Luckily Chris Krebs
@C_C_Krebs
was around to help.
55
124
936
39
66
266
@tarah
PS- wanted to be explicit and authoritative on the process. I totally agree with your point that use of encryption does not mean you have something to hide !
3
42
264
I’m at Shmoocon- my happy place. Feel free to grab me for a chat! Anything from geeky topics to how to navigate NSA hiring are all fair game.
29
23
257
Take this seriously. The small details make all the difference. Don’t write your own crypto…
36
47
250
New surge in Microsoft Exchange server exploitation underway. You Must ensure you are patched and monitoring if you are hosting an instance.
Keep your Exchange servers safe this weekend.
@HuntressLabs
has seen 140+ webshells across 1900+ unpatched boxes in 48hrs. Impacted orgs thus far include building mfgs, seafood processors, industrial machinery, auto repair shops, a small residential airport and more.
#ProxyShell
5
146
285
8
142
248
With AI becoming increasingly entwined in advanced systems, the NSA’s new AI Security Center is a crucial step toward ensuring protection.
NSA will uncover threats and guide trusted use in national security systems
26
56
239
This Memorial Day, reflecting on the soberness of our mission and those we support. In cyber, our job is to keep our warfighters, cryptologists, allies, and nation secure. May we never fall short and may we always remember and honor those who have made the ultimate sacrifice.
4
42
236
Hey
@SwiftOnSecurity
we need to convince
@taylorswift13
to swing by
@NSAGov
and
@NatCryptoMuseum
to see some cool cyber stuff!
#TaylorSwift
Ohhhhhh. You know what this means?
@taylorswift13
will be 20 mins away from the
@NatCryptoMuseum
in a week…
1
3
24
50
37
235
Just another day scaring APT teams and ransomware crews.
9
24
227
20
11
233
Who remembers the rainbow books? Cybersecurity information before there was infosec twitter!
Since the earliest days of computers, NSA has been focused on ensuring security for all. The Rainbow Series was the start of cybersecurity as we know it today. Read the original guidance here:
25
76
253
33
31
222
It is worth your time to learn about this tool that GCHQ gave to the community. It is powerful and flexible for a range of activities including data manipulation and analysis.
Let’s Get Cooking with CyberChef
A very advanced malware analysis and data manipulation tool is made easy to understand by
@marcellelee
at
@BSidesCharm
2022
1
36
162
7
60
220
Start your zero trust journey. Here’s the NSA guide to embracing a zero trust security model.
8
46
216
This year we have two working enigmas at RSA. Secret message a friend! Just for kicks we also brought a rare Hebern device. Is it a flex? Yeah. 💪
Stop by and play with a real enigma. 🔥
#WeAreHiring
Booth 549.
@NSACyber
11
39
213
Happy first anniversary to the NSA Cybersecurity Collaboration Center! It's amazing to see your progress an impact.
14
21
208
Cheers
@CISAgov
@FBI
@US_CYBERCOM
@StateCDP
@ONCD
@DOE_CESER
@USTreasury
@NCSC
@ASDGovAu
@cse_cst
@cybercentre_ca
@GCHQ
@USCERT_gov
@CNMF_CyberAlert
@16AF_AFCYBER
@ARCYBER
@MARFORCYBER
@USFLEETCYBERCOM
@CIA
@NCSCgov
@780thC
our
@NSACyber
industry partners and more!
#Cyber
16
35
201