🎉 It's Christmas in July!
We raised $4M to make proactive macOS security scalable for everyone.
Workshop is the first commercial platform built for Santa. Finally making allowlisting usable at scale.
Thanks to A16Z & everyone who's believed in our mission.
Posts by toryc
sure, everybody hates snake oil — until their snake starts squeaking
Went to report, but it's already suspended
Why should security folks study software engineering (i.e. the practice of writing software in/with other teams over a long period of time)?
Managing software is really about managing *complexity* and untamed complexity is highly correlated with poor security. Try to address both at the same time.
Growing up, there was a clothing store which was famous for this. The teenagers played a game where you had to touch the far back wall of the store and then get to the exit before an employee interacted with you.
@volexity.com’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world.
Read more here: www.volexity.com/blog/2024/11...
BlueTeamOps has published a new project named LOLESXi (Living Off The Land ESXi).
The project lists binaries and scripts that are natively available in VMware ESXi that have been used by threat actors in their attacks in the past.
lolesxi-project.github.io/LOLESXi/
Be careful
No printer
Heads up! On October 11 we ship curl 8.4.0. We cut the release cycle short for this "emergency release" with a fix for a severity HIGH CVE (and one LOW). Buckle up. And my apologies for this inconvenience.
Picard management tip: When you've gotten enough sleep, an impossible task becomes an interesting challenge.
Is this like fzf + website copier or am I missing something?
Going from a decade of Pixel -> iPhone was a similar experience for me. Nothing is intuitive. I don't understand the keyboard. Productivity took a 20% hit.
We've had first Defcon, yes. But what about second Defcon?
(When you get home and binge on talks from previous years.)
So much capability goes unutilized, simply because Open Source Software doesn't have a marketing department.
Hearing disturbing rumors that some of these protestors on the picket line are professional actors
After finishing a podcast discussing Open Source Golang development, I decided to check the dates for DFRWS this year.
It ended today 🫠