@dwizzzleMSFT So, he should join my BlueHat Shanghai talk. ^_^

@_f0rgetting_ Bold talk, you haven’t faced this yet ;)

@dwizzzleMSFT damn, way to call @smealum out

@tnare @smealum He can’t be stopped by mitigation’s, only security compliance training. “What is SDL”

@dwizzzleMSFT @alizardx “Just check it the admin reused a password on Pinterest”

@dwizzzleMSFT ☝🏾☝🏾☝🏾☝🏾☝🏾☝🏾☝🏾

@dwizzzleMSFT @hacks4pancakes Lol. Good security is just making it so anyone exploiting your network has some unique headache to deal with - if they have more targets they may just move on and come back later - that gives you more time.

@dwizzzleMSFT @hacks4pancakes "Damn that one character/argument they happened to randomly block/include that's making this difficult"

@dwizzzleMSFT Infosec twitter is full of experts. Most of these exploit devs can't even create rop chains.

@esizkur I think that’s part of the impact, taking the bug you have and creating the right primatives with mitigations in the way

@dwizzzleMSFT @SwiftOnSecurity I’m so glad hearing something saying this! Definitely an unpopular opinion; so much I was starting to believe the restrictions were actually useless…

@dwizzzleMSFT Open source binary and it will eventually be bypassed. Close src it & eventually reversed. Faraday cage it & will eventually be leaked. U get point. Look at pwn2own. Bypassing fully patched everything. Wut do u do at msft again??