🎉 It's Christmas in July!

We raised $4M to make proactive macOS security scalable for everyone.

Workshop is the first commercial platform built for Santa. Finally making allowlisting usable at scale.

Thanks to A16Z & everyone's who's believed in our mission.

The Best One Yet Podcast Feel brighter every day with our 20-minute TBOY pop-biz podcast. The 3 business news stories you need, with your hosts Nick Martell and Jack Crivici-Kramer

Pretty sure the one on the right is generated from tboypod.com (they call their fans "yetis")

sure, everybody hates snake oil — until their snake starts squeaking

Went to report, but it's already suspended

Why should security folks study software engineering (i.e. the practice of writing software in/with other teams over a long period of time)?

Managing software is really about managing *complexity* and untamed complexity is highly correlated with poor security. Try to address both at the same time.

Growing up, there was a clothing store which was famous for this. The teenagers played a game where you had to touch the far back wall of the store and then get to the exit before an employee interacted with you.

The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...

@volexity.com’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world. 
 
Read more here: www.volexity.com/blog/2024/11...

BlueTeamOps has published a new project named LOLESXi (Living Off The Land ESXi).

The project lists binaries and scripts that are natively available in VMware ESXi that have been used by threat actors in their attacks in the past.

lolesxi-project.github.io/LOLESXi/

Be careful

These translations a teacher collected might help: drive.google.com/file/d/1yrJm...

No printer

Heads up! On October 11 we ship curl 8.4.0. We cut the release cycle short for this "emergency release" with a fix for a severity HIGH CVE (and one LOW). Buckle up. And my apologies for this inconvenience.

Picard management tip: When you've gotten enough sleep, an impossible task becomes an interesting challenge.

Is this like fzf + website copier or am I missing something?

Going from a decade of Pixel -> iPhone was a similar experience for me. Nothing is intuitive. I don't understand the keyboard. Productivity took a 20% hit.

We've had first Defcon, yes. But what about second Defcon?

(When you get home and binge on talks from previous years.)

So much capability goes unutilized, simply because Open Source Software doesn't have a marketing department.

Hearing disturbing rumors that some of these protestors on the picket line are professional actors

After finishing a podcast discussing Open Source Golang development, I decided to check the dates for DFRWS this year.

It ended today 🫠

What's up?