Masters Thursday

Also, I spot a wild @tiraniddo.dev in the background

Oh my, I still remember this, and the individual who came by who also refused to eat it

I love what @PrivacyHQ does allowing you to generate one off credit cards. But I really wish they let you fund it without tying a bank account as the only source. Keeps me from diving in with it.

Man, I love Makar and MacKinnon, but boy did Makar make USA sweat after making that goal to tie it up, along with all the shots Canada had, including Toews.

Insane game

Woke up early to get to watch Team USA win hockey gold. Such an amazing thing to see, I am so pumped. First time since 1980!

Definitely agree

I think I can mostly agree with that. Makes sense

To go off my previous post. I think testing AI is more than valid security testing. But in my mind red teaming is about testing defenders, detections, and improving response.

When targeting AI, that isn’t it. It’s not red teaming.

But I’m open to different opinions.

So, question if the day from me. Can you “red team” AI?

I’ve seen groups and people state that they red team AI. Is it more prompt injection? Are you actively helping defenders build and scale their defenses or test their responses? Is this more a pen test vs real red team?

There are other ways to setup your system for telemetry if you are looking to see what can avoid detection.

But if you want to test your latest hotness against prevention of code execution, definitely test it against WDAC.

Find something that gets around it? Now that’s useful.

WDAC will block everything you don’t trust, even to the point you could theoretically end up boot looping your Windows box if you’re trying to load untrusted drivers, or drivers you didn’t actually allow that you need.

Ask me how I know….

SAINTCON 2018 - Chris Truncer - Introducing Effective Controls in your Environment with Windows Defe Title: Introducing Effective Controls in your Environment with Windows Defender Application Control Speaker: Chris Truncer Conference: SAINTCON 2018 Location: Track 1 Date: 2018-09-26 Time: 10:00am…

Since a lot of talk I’m seeing lately is about good defenses, especially for initial access, I’ve been preaching the good news about WDAC (formerly my fav name of Device Guard) for a while.

I think a properly set up WDAC is the bar which to test access - youtu.be/sWjhuVsSEks?...

Loving the start of my day with an email from @ISC2 saying they are auditing submission that I uploaded (with a screenshot), for a total of 1 credit hour.

¯\_(ツ)_/¯

Enjoy

Oh great, looks like a ton of data from a Wired breach just was published.

I’ve had zero clue there was even a heisman race this year

I’ve not been at gyms before where they give stripes, so this is a first, typically just belts. But I’m now a one stripe brown belt in jiu jitsu. I plenty of rolls after.

And a good day

I assume a lot of people have been playing with it, but I love testing and using @tailscale. It’s been nice being able to set up a private network, and love the wireguard usage overall.

Anyone using it for anything niche or cool?

Man, 3 rounds in and Schevchenko is dominating this fight so far.

Same with a cruise

Pretty much this

Yup!

Lucky you, it was me!

My kid just asked me if dishwashers were around when I was a kid.

What the f

Why is isc2.org asking to know my location just when going to their main website? That’s absolutely unnecessary.

Who in their right mind likes puffy Cheetos?

By far crunchy is way superior.

Getting to check out @BsidesCOS today, looking forward to it!

Ha, you all are awesome!