Rob Joyce
@RGB_Lights
Followers
16,606
Following
814
Media
128
Statuses
1,068
Cyber guy. These are my personal tweets.
Joined July 2013
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
DAHYUN
• 47509 Tweets
Clippers
• 35623 Tweets
#บางกอกคณิกาMeetAndซี้ด
• 33169 Tweets
ネルフェス
• 28458 Tweets
DwiTUNGGAL PRABOWOGIBran
• 23036 Tweets
FokusKERJA FokusSIAPKAN
• 22221 Tweets
All To Nene D-Day
• 18967 Tweets
GW後半戦
• 15875 Tweets
NCT DREAM TDS3 SEOUL DAY1
• 12453 Tweets
ペンラ8000円
• 11422 Tweets
キスマイ
• 10248 Tweets
410
2K
6K
Ignorance of insecurity does not get you security. We need to examine voting machines, SCADA systems, IOT and other important items in our lives. The investigation of these devices by the hacker community is a service, not a threat.
28
545
1K
I’m sure everything will be ok when LLMs are bolted onto customer support windows. I mean they helpfully generate code now. What could go wrong wrong?
lol the Amazon “search through reviews” is blindly just running an AI model now
AI has ruined using the internet
40
459
3K
3
141
1K
For my tech friends, consider using your GPUs to help analyze Coronavirus. The Folding at Home effort (remember SETI
@Home
?) is working on COVID-19 research. Install the software and donate cycles to the cause.
Use the link at the top "start folding."
41
699
996
So who had Russian criminals paying an insider to install malware as part of your threat model? Be honest now...
38
103
607
What do you do with your Christmas tree in January? Strap a rocket motor to it, of course!
33
96
580
If you watch one talk this month, make it this one. Profoundly insightful on the complexity threat to security by
@halvarflake
given at NATOs CYCON.
Video:
And slides:
8
160
579
My 2 minutes of fame….
“At times, [it] takes a hacker to defeat a hacker,” says former NSA Director of Cybersecurity Rob Joyce. He says the NSA has decided to put more resources into the foreign threat of ransomware attacks.
30
229
645
26
50
575
GHIDRA 9.0.1 has been posted.
Contains both improvements and a couple dozen bug fixes, including the security issues identified with the release.
Download:
Info on changes:
5
234
470
Ghidra processor modules: X86 16/32/64, ARM/AARCH64, PowerPC 32/64, VLE, MIPS 16/32/64,micro, 68xxx, Java / DEX bytecode, PA-RISC, PIC 12/16/17/18/24, Sparc 32/64, CR16C, Z80, 6502, 8051, MSP430, AVR8, AVR32, Others+ variants as well. Power users can expand by defining new ones
14
177
471
I hope this latest fiasco of traffic rerouting through China is the wakeup call for all of us to get serious about addressing the massive and unacceptable vulnerability inherent in today’s BGP routing architecture.
11
246
439
I won’t do this with my drone...
I won’t do this with my drone...
I won’t do this with my drone...
I won’t do this with my drone...
14
84
428
This is a great example of why it is so important to systematically and continuously verify the as-is state of you network. Assuming it is unchanged, or implemented according to policy, is a path to disaster.
8
175
394
Although I'm exempt from the potential government furlough/ shutdown, my official social media account is not. Follow here for non-NSA cybersecurity memes produced outside work hours with no government resources...
16
40
405
iPhone users. Turn off FaceTime until Apple issues a patch for iOS and you install it. Claims of major privacy issue discovered. Go to settings. Scroll down to FaceTime (green icon with camera) and switch off.
In a statement, Apple says the FaceTime bug will be fixed in a software update “later this week”.
5
88
141
10
314
384
It's here! Ghidra source code released:
This is an ongoing, supported project from
@NSAGov
. Looking forward to seeing the continued advancements and the innovation that occurs from the release.
#Ghidra
fans –
@NSAgov
has released the source code! Visit to download and customize your
#SRE
experience. Don’t miss the 9.0.2 patch also available for download.
#createyourdragon
29
364
699
3
199
381
Our Christmas light display has been repurposed to root for
@NDFootball
. Go Irish!
@NotreDame
@NDonNBC
38
103
376
Congrats to the
@NSAGov
Ghidra team for not one, but TWO pwnie award nominations!
Pwnie for most innovative research
and
Pwnie for epic achievement
8
74
348
I saw a lot of “I voted stickers” on election night here in the US. I had an equally important message from my friends
@NSAGov
...
11
82
362
Looks like the Assange / Wikileaks deadman switch just dropped. Coverage here:
55
152
354
On this Memorial Day, taking time to remember one of NSA’s recent fallen- thanks you for your service and sacrifice Chief Shannon Kent.
11
90
327
Car dealership gave me my documents on this. Ummm. Paper copies please?!?
37
25
321
Personal opinion:
@23andMe
hack was STILL worse than they are owning with the new announcement. I create unique emails for companies. ex: 23andme[xx]@[mydomain].com. That account is used NOWHERE else and it was unsuccessfully stuffed. Someone stole all their customer emails
20
91
309
Got Root? You do now with CVE-2021-3156 privilege escalation in SUDO. Exploitable Heap-based buffer overflow in a utility that is available in almost all major linux/unix OS versions.
The Qualys Research Team has discovered a critical vulnerability in
#Sudo
, which allows an unprivileged user to gain root privileges in its default configuration.
#linux
#unix
#vulnerability
18
574
757
4
127
279
Best new effort you haven’t heard about: Free, open source, peer reviewed cybersecurity education curriculums. Please use and contribute.
CLARK: Cybersecurity Labs and Resources Knowledge Base”
@NSAgov
effort to make the community better.
5
122
280
Ghidra 9.04 released!
Decompiler Improved modeling of CFG on Windows 10. added README.txt to explain how patch directory is used. Search updated Decompiler Data Type Finder- references inside nested array access. Sleigh improved error reporting in compiler. +bug fixes
We heard you and we made some improvements! Download
#Ghidra
9.0.4 today and start reversing!
#SRE
#NSA
#cybersecurity
28
121
243
4
117
259
Since we are all following CDC guidelines now, remember they also recommend vaccinating your kids!
5
63
263
Kudos: MIT cut research ties to Huawei and ZTE & established heightened risk review for work w/ Russia. An important step in considering how our educational efforts are leveraged by counties targeting our technology & use tech to repress their people
4
106
249
We released Ghidra to enable student access to powerful tools, as well as encourage advanced cybersecurity research. This is both!
3
50
253
The cybersecurity community lost a great asset to a long fight with cancer. Mike Asante will be missed. He was ahead of his time with speacilized focus on SCADA and industrial controls.
8
70
247
NSA is raising their own concern that the Microsoft RDP flaw (
#BlueKeep
) is of significant risk to unpatched systems. Patch and protect!
#Cybersecurity
Advisory: we urge Microsoft Windows administrators and users to patch systems to address the
#Bluekeep
vulnerability.
For more information, see the full advisory here:
31
460
470
12
146
243
Wasted two hours debugging intermittent issues because I flashed the wrong firmware update to a controller. 🙄 Mega-tree and floods are up and running though!
13
8
244
Multiple threads: Time to patch your windows boxes. I'm watching the debate on whether or not this is urgent. If you have something worth protecting, allowing a flaw that subverts the trust system in Microsoft Windows is seriously, seriously bad. Patch.
5
112
243
This is like people insisting they can design their own crypto implementation...
The last known photo ever taken of Franz Reichelt, an Austrian-born French tailor, who is posing here in a parachute of his own design, before jumping off the Eiffel Tower.
138
848
5K
8
39
232
The Citrix RCE is a doozie. Lots of good security architectures appropriately rely on Citrix to reduce the attack surface significantly and now they are at significant risk. Get this patched.
2
123
223
@Delta
@MattHarringer
Actions not words. Your airline, your industry, is going to survive or fail on trust. The healthy and safety of people flying must be your top priority. At this time I can’t trust your policies and actions to get on your planes.
1
11
209
Why is there no option to set the default to paste without formatting?
DEFAULT!
20
8
224
In a move that will have serious implications for supply chain security, as well as fair and equitable competition for companies up against these entities, China mandates the placement of government officials in top tech companies.
7
172
215
#Ghidra
Giveaway! This NSA swag will go to the most interesting project done with Ghidra. Post a link here to a blog or video of your work by 13/14/19. Fine print: purely arbitrary judging by me & influenced by comments. Not affiliated with my employer.
12
68
210
Everyone remembers Sean Connery for James Bond. For me, it’s the Highlander.
23
4
208
Present situation: in the
@NSACyber
Commercial Cybersecurity Center, tweeting on my personal phone, talking with reporters on our mission.
#timeschange
13
22
207
Solved. 23andme reached out to understand and make sure there was nothing they missed. They correlated my email to a breech of MyHeritage in 2018. I used a unique address with 23andme, but in 2015 they partnered with MyHeritage to provide their family tree capability 1/x
Personal opinion:
@23andMe
hack was STILL worse than they are owning with the new announcement. I create unique emails for companies. ex: 23andme[xx]@[mydomain].com. That account is used NOWHERE else and it was unsuccessfully stuffed. Someone stole all their customer emails
20
91
309
7
49
203
Lights of London. These flying angels are over Regent Street and are definitely my favorite.
4
16
201
We need tech folks to learn policy and policy folks to learn tech. The bridge between the two world is vital to our security and the industry’s health. This is a great opportunity and I’d encourage people to apply!
Hey friends
@shmoocon
, anyone interested in spending your summer getting paid to learn
#techpolicy
? Would love to see you apply!
#shmoocon
4
36
73
7
45
191
Ghidra release is coming!
9
38
190
Do I need to publish my Spotify playlist?
8
19
188
Christmas show is up and running. Some minor fixes left and new songs to add.
17
11
185
“Did Rob’s twitter get hacked?!” calls in the office today. 🙃 Nope. That’s me.
7
10
173
Critical authentication bypass on Palo Alto Networks firewalls and corporate VPNs. Need to update to latest OS. There are not many vulnerabilities assigned a 10 out of 10 scores (CVE-2020-2021)
1
114
151
I’m giving two
@defcon
talks: 11am Friday Track 1- “NSA talks Cybersecurity” and 12:00 Saturday Defcon 101 Track- “Building Absurd Christmas Light Shows”. 2nd talk is a late add and didn’t make the program. Please retweet and spread the word!
4
78
144
They are still in the manufacturer’s packages. They must be safe!
9
4
142
Wow. An iOS exploit that doesn’t involve chaining multiple vulnerabilities together is quite an accomplishment.
3
28
145
Exploiting trust in the supply chain led to a large scale compromise and follow-on focused exploitation.
Understanding who to trust and how to know if that trust is compromised is getting harder.
Absent exploitable flaws, high end adversaries will try to introduce them.
ASUS, one of world’s largest computer makers, installed backdoor on thousands of customer computers last yr after hackers compromised its software update tool. The file was signed w/ ASUS digital certificates to make it look like authentic software update.
68
3K
3K
4
76
136
Can you imagine showing up to work at
@GCHQ
on April Fool's day and your manger says Prince William was assigned to shadow you this week? I'd be like, "sure it's the prince! 😀"
4
32
139
My friend is auditioning for a Darwin Award. 12 years of Flaming Pumpkin Man without an incident, arrest, or lawsuit! 🔥 🎃 🔥
12
14
137
Now this is a cool project. Visual enigma machine simulator! 👏 👍
1
42
133
Experiencing a total eclipse is everything people say and more!
10
6
135
Great initiative by USCYBERCOM to push out information on threats and share insights they have developed.
#USCYBERCOM
Cyber National Mission Force has kicked off an initiative to upload malware samples it discovers to
@virustotal
.
#CNMF
is proud to help prevent harm by malicious cyber actors by sharing with the global cybersecurity community.
9
185
238
2
43
126
Patching SharePoint vulnerability CVE-2019-0604 is really important people. Get to it pronto!
0
77
124
My
#badgelife
collection from
@defcon
. NSA coins and patches helped me pickup some incredible badges! Thanks to all the builders
@ANDnXOR
@DCFurs
@Borgel
@compukidmike
@DCDarknet
@nyaanase
@ElJefeDSecurIT
@Team_Missing_No
and more!
8
15
123
This is an important DHS report to pay attention to. Managed service providers are being targeted as a pathway into the data of multiple customers.
3
106
123
We have a winner!
@RolfRolles
work on deobfuscating control flows along with a tool release (and promise of more to follow). Very cool!
Showcase your Ghidra project: plug-ins, additions or a neat reversing efforts. Link here for a chance to win the NSA swag! Winner announced tomorrow (Friday 3/15).
2
24
56
1
31
122
A friend observed “the Russians are in deep shit now!”
9
32
125
Holy cow… Heidi and Bruce just announced next year will be the last
@Shmoocon
.
This is not a “DEFCON is canceled”rumor. 😥
10
31
121
The new NSA Cyber tritter account launched. It will be worth the follow.
7
35
117
This was lurking in my bushes this weekend. Coincidence? I think not! True story.
19
5
116
All the ladder work for the display done on the house. Lots left to do, but this is the hard part.
11
4
111
VMware vulnerability actively being exploited in the wild. Strongly suggest updating with the company's latest patch. Don't let your remote-working architecture remain vulnerable.
Russian state-sponsored cyber actors are exploiting
#vulnerability
CVE-2020-4006 affecting VMware Workspace ONE Access. We recommend patching immediately. Read our latest
#cybersecurity
advisory for details, including detection and mitigation actions:
21
467
747
0
41
105
Citrix flaw. Feeling like the boy that cried wolf, but really.... 3rd in a string of “must patch” vulnerabilities. Get the latest patches to ensure protection from several exploitable issues including unauthenticated access and RCE.
2
46
108
Want to hunt an APT? New detailed leads here on a sophisticated GRU 85th GTsSS / FANCYBEAR tool. Will be interesting to see what emerges from analyzing current and historic data sets!
The Russian GRU 85th GTsSS, sometimes publicly known as
#APT28
or
#FancyBear
, is using a previously undisclosed
#Linux
malware called Drovorub for cyber espionage operations.
For full details and mitigations, review our
#cybersecurity
advisory with
@FBI
:
70
1K
2K
3
33
105
Son’s custom graduation cap this week. Figure there wasn’t any RGB light content on this twitter account lately. 😀
4
6
95
Fess up. When was the last time you patched your air fryer?
11
19
96
Some good background on the architecture allowing China to pull our traffic through their networks.
7
71
94
Looks like someone demonstrated one way to take advantage of the vulnerability. Like I said...a flaw that subverts the trust system in Microsoft Windows is seriously, seriously bad. Patch.
3
49
93
I vote for more cybersecurity training via music videos! Have you done your anti-phishing mandatory refresher lately? 😀
5
32
92
Happy to support Cybersecurity Education efforts across the community. We need formal ed, mentorship, OJT & self driven education. Inspiring kids and creating opportunities is high leverage. We need to get women and minorities involved early & at the same levels to be healthy
Rob Joyce from
@NSAGov
tells the audience there are 320,000 open cyber jobs in the U.S. By 2020 that number could rise to 1 million
#CERTS2019
1
15
22
3
24
89
I was sent multiple links to the "matrix house." Mapped the same effects onto mine. Video doesn't do it justice...
7
5
88
@riskybusiness
did an excellent posdcast on the Bloomberg SuperMicro story. Anyone interested in the hardware hacking claims should listen and hear some well articulated counterpoint. Still interested if someone is directly connected to a discovery of adulterated hardware-DM me
I did a thing on the Bloomberg "Big Hack" story.
@securelyfitz
, one of the story's only named sources, warned the publication that its central claim "didn't make any sense," prior to publication.
22
320
518
1
57
84