copfromdrop

3.5K posts

@copfromdrop

London Joined November 2018
1.8K Following 1.6K Followers
mRr3b00t@UK_Daniel_Card·
Good Morning wonderful world! Time to get a coffee, pain au chocolate, gear up then hit the slopes! (honestly it's well early, think the lifts don't open till 0900 LOL) Just checked a few work systems, the world isn’t ending! Let’s hope this week remains ⛵️ ❤️❄️🏂🇫🇷
copfromdrop@copfromdrop·
Having been in consulting all my life, this is exactly the kind of issues I was telling my team clients need help with. Give them what they say they want, what they really want and what they actually need. They’re all at the “this doesn’t work” stage. #PEBKAC
ThePrimeagen@ThePrimeagen

Alright interns, we need to have some real talk here I am tired of vibing on stream. I dont really like vibe coding unless its a tool i have no desire to build (how i manage things on my stream / how i write my youtube videos are great examples of things i would never build but i have). I dont like vibing the things i care about. I hate the code it generates, i hate the feeling of getting everything i ask for and nothing i want. I hate the subtle offness around vibe coded things. It is just driving me nuts. So for the next while i am going to be done vibing on stream. I genuinely have been trying my hardest to make this work and i cannot quite put a finger on why i hate it, but i do. And i just feel so horribly guilty and wrong because i am not getting the results of "everyone else on twitter." How am i, someone who prides themselves on making youtube videos that i think are actually good for people. To make videos that help people laugh at the silliness of tech or learn something new. But here i am not able to keep up with all these people claiming the sky is literally coming down. I just feel horrible and guilty about it. Now i know the world is changing fast, and i want to be able to understand that change super well, be able to talk about it, be able to give really accurate opinions about it so for the last 3 months i have vibe coded an absurd amount of things. But now... i am just tired of it. I dont want this any more. I want to be a tradcoder. I dont know why i told everyone this, but i just have this growing sickness that is just eating me alive around vibing and i dont know how to express it. You all are fired, CEO ThePrimeagen

mRr3b00t@UK_Daniel_Card·
Last quarter I rolled out our "Public WiFi & Charging Protection Initiative" to 8,000 employees. $45 per user per month for premium VPN + "secure charging kits" (just USB data blockers with our logo). $4.3 million annually. I branded it "zero-trust mobility transformation." The board ate it up in nine minutes. No one asked for evidence of actual attacks. Including me. I told everyone it would prevent "catastrophic data exfiltration" from juice jacking and evil twin hotspots. "Catastrophic" isn't quantifiable. But it sounds expensive. Legal asked how we'd measure prevented breaches. I said "threat intelligence telemetry feeds" and "risk reduction scoring." They nodded and moved on. Three months in, I pulled the endpoint logs. 14 people enabled the VPN more than twice. 3 used the data blocker (one was testing if it blocked his own charger at home). I used the VPN once—to bypass a hotel captive portal so I could watch Netflix. Took longer to connect than the video buffer. But I called it a "resilient pilot phase." Resilient means no headlines about us getting owned. Yet. The CISO asked about ROI. I showed him a dashboard. The line trended up and to the right. It tracked "avoided compromise events." I derived the number by estimating how many employees travel × industry breach averages × a fear multiplier I pulled from a 2019 FBI tweet about juice jacking. He approved next year's budget increase. We're now "posture hardened" against public infrastructure threats. It's in the quarterly investor update. A field sales rep asked why we didn't just tell people to use cellular data and portable batteries. I said we needed "enterprise-managed controls" and "audit-ready compliance artifacts." He asked what specific juice jacking incidents we'd seen in our org. I said "the absence of incidents proves the controls work." He raised an eyebrow. I added "proactive risk avoidance" to his performance objectives. He stopped asking. Our vendor sent a success story request. 
I told them we'd "neutralized 120,000 potential juice-jacking vectors" and "blocked 47 man-in-the-middle attempts." I got those by multiplying travel days by hypothetical attack probability from a 2023 FCC recycled advisory. They didn't ask for logs. They never do. Now we're featured in their marketing deck. "Fortune 500 enterprise achieves enterprise-grade protection from public charging and WiFi threats." The CEO reposted it on LinkedIn. 4,200 likes. He's never plugged into an airport USB in his life. Execs have a policy exemption. "Executive mobility requires unencumbered connectivity." I drafted that one too. The subscriptions renew next month. I'm pitching expansion. 15,000 more licenses + "advanced threat simulation training" (a 30-minute video no one finishes). Adoption will be mandatory. Mandatory means tracked completions. Completions are metrics. Metrics feed the dashboard. Dashboard fuels board decks. Board decks get me the CISO promotion by Q2. I still don't know if anyone's actually juice-jacked anyone in the wild. But I know what the program is for. It's for showing we're "proactively defending against emerging physical-digital threats." Proactive means spending. Spending means vigilance. Vigilance means we're serious about security. Security is whatever keeps the fear alive. As long as the graph goes up and to the right. (inspired by @gothburz - enabled by AI) #Security #FUD
copfromdrop@copfromdrop·
@AlexTran677026 The Italian (original) version of the song is full of double meanings with sexual references. Can look all straight till you’re in puberty…. Then it hits you.
Love Classical Music and Movies 🎺🎻💖🎥🎬
During the wedding scene of The Godfather (1972), an elderly man takes the microphone and begins to sing a traditional Neapolitan song. This is Gennaro Amato, a renowned Neapolitan comic performer who was one of the great figures of Italian-American stage and recording culture in early 20th-century New York.

The piece he performs is “C’è la luna mezzo mare” or “There’s a Moon in the Middle of the Sea”, a classic Sicilian wedding song. The song is full of meanings and humor. It’s an old folk tune about a mother and daughter discussing possible suitors.

There’s a moon in the middle of the sea, mama, I want to get married,
My daughter, who should I give you to? Mama, you decide.
If I give you to a sailor, he’ll come and then he’ll go.
If I give you to a policeman, he’ll come and then he’ll go.
Oh mama, give me a hundred lire,
I want to go to America!
Oh mama, give me a hundred lire,
I want to go to America!
Sam Altman@sama·
Peter Steinberger is joining OpenAI to drive the next generation of personal agents. He is a genius with a lot of amazing ideas about the future of very smart agents interacting with each other to do very useful things for people. We expect this will quickly become core to our product offerings. OpenClaw will live in a foundation as an open source project that OpenAI will continue to support. The future is going to be extremely multi-agent and it's important to us to support open source as part of that.
WarTranslated@wartranslated·
Moment of a Ukrainian F-16 downing a Russian Shahed-136 drone with an AIM-120 AMRAAM missile.
ᴛʀᴀᴄᴇʀ@DeFiTracer·
🚨 BREAKING: MULTI-BILLION $ETH MANIPULATION IS HAPPENING ON BINANCE RIGHT NOW INSIDERS PUMP AND DUMP $ETH PRICE TO LIQUIDATE ALL FUTURES POSITIONS THEY HAVE ALREADY LIQUIDATED OVER $1 BILLION IN LONGS AND SHORTS IN JUST 20 MINUTES THIS IS A PURE COORDINATED SCAM!!
copfromdrop@copfromdrop·
@kevmarriott @ImtiazMadmood This looks like social media was already available on mobile phones. Try mentioning something totally new in a casual conversation and never again in any place. After a few, you’ll get ads somehow related to that something…
Kev Marriott@kevmarriott·
@ImtiazMadmood Reminds me of the Apollo - Soyuz era. American astronauts were training with Russian cosmonauts in Star City. The Americans were accompanied by their wives on the trip one of the said wives commented on the lack of clothes hangers in their room within minutes a supply arrived.
copfromdrop retweeted
Imtiaz Mahmood@ImtiazMadmood·
Three friends are in a hotel room in Soviet Russia. Two friends drink vodka and loudly tell political jokes in their hotel room. The third, exhausted, tries to sleep but cannot. Frustrated, he goes downstairs for a smoke. On the way, he asks the receptionist to bring tea to room 39 in five minutes. Returning upstairs, he joins them briefly, then leans toward a power outlet and says, “Comrade lieutenant, please send tea to room 39.” His friends burst into laughter at the joke. Moments later, a knock sounds… and the receptionist arrives with a teapot. The laughter dies; his friends turn pale and silent. The evening ends abruptly, and the tired man finally sleeps. In the morning, he wakes to find his friends gone. Alarmed, he asks the receptionist what happened. She whispers nervously, “The KGB came before dawn and took them.” Horrified, he asks why he was spared. “Comrade lieutenant really liked your tea joke.”
copfromdrop@copfromdrop·
@niyo17417 Had exactly that car. I can confirm it works like that. I’ve been more than once the only one moving after a sudden snow. Audi quattro can’t be beaten.
CASSIEN@niyo17417·
😱😱
IT Guy@T3chFalcon·
The Silent SMS is one of the creepiest surveillance tricks nobody talks about. No sound or popup. Not even a message. Your phone simply gets a hidden ping.. and it quietly replies. That reply forces your phone to talk to the nearest cell tower, updates your real-time location, and confirms you’re active. Law enforcement has used it for years. And NO you can’t stop it. 💀
Secure ICS OT@Secure_ICS_OT·
OTbase (LinkedIn):
onecodeman@onecodeman·
@AlexFinn Oh yeah? Are you saying if I build customers will ABSOLUTELY come?🤭
Alex Finn@AlexFinn·
Hey you. Yeah you. You can literally download Claude Code right now and by the end of the night have a revenue generating app built. 0 programming required. Why tf are you doom scrolling instead?
vx-underground@vxunderground·
Our "Cyber Threat Intelligence" Discord is temporarily down. If any of you recall, I made a simple bot which collected news from various RSS feeds and pushed it to a Discord server for people to watch. Unfortunately, this bot was being hosted on critical infrastructure (a Raspberry Pi) which was housed in Europe. This in of itself isn't a problem, except the person who was housing it for me messed up his immigration paperwork and got (temporarily) deported. It turns out if you're a United States citizen, temporarily residing somewhere in Europe, and you make a small oopsie on paperwork they kick you out the country for 90 days, but let you return after and stay for a few years (???). I don't understand immigration. I'm not educated in immigration law. His papers and reasoning for residing in Europe are completely legitimate. Barring them for 90 days because of a simple mistake but allowing them to return confuses my little brain. Anyway, they kicked him out for 90 days. All his stuff is still there. Our critical infrastructure is in his apartment. Once he is allowed to return it will come back online. Chat, we've been DEPORTED.
copfromdrop@copfromdrop·
@0xTib3rius @techspence If you add exceptions you’re literally telling them “your external layer is so secure, there’s no need to test it”. But is this the truth? Ah wait, you don’t know. You have exceptions….
Tib3rius@0xTib3rius·
@copfromdrop @techspence I'm literally a pentester. I've worked at several pentesting companies, most of which sell pentesting as I described it. Vulnerability assessment is usually highly automated, just scanning. Pentesting is more manual.
spencer@techspence·
For internal pentests, we don’t ask nor do we want you to turn off security for us. That means EDR is installed and enabled and SOCs are not notified ahead of time. That’s not how everyone does it or thinks it should be done, just how we do it.
copfromdrop@copfromdrop·
@0xTib3rius @techspence You’re describing vulnerability assessment, not pentesting. If you can’t breach, it’s either security is good or you’re not. Either case, next step is “assume compromise” and this gives a lot of info to your client. That said, it usually depends on rules of engagement and price
Tib3rius@0xTib3rius·
I think there's merit in both ways. All depends on what the customer wants to know. A lot of web app pentests would just become WAF tests if we didn't ask customers to add exceptions for us. I know that's different to internal testing, where you aren't necessarily completely blocked if you are detected. I've found a hybrid model works, where you do 80-90% of the test with security turned off, then on the last day you turn it back on and re-run the things that worked, see if you get detected / blocked. Best of both worlds. Customer knows where their vulnerabilities lie, but also which fixes they need to prioritize based on what is being detected.