Austin Baker

2.5K posts

Austin Baker

@BakedSec

IR at LinkedIn | focused on the intersection of data science, engineering, and cybersecurity | Scooping up APT and bopping them on the head | opinions my own

가입일 Ekim 2018

263 팔로잉1.7K 팔로워

Austin Baker@BakedSec·13 Kas

Build a career where you always bring something valuable to the table - that can be depth, breadth, or even just unbridled tenacity and grit. If you do this, you'll find there's a seat for you more places than not.

Matt Zorich@reprise_99

People often ask me what they should learn or study in cybersecurity and my advice is always the same; aim for technical excellence with things you love to do and aim for broad technical competency in as many related things as you can - a diverse base of knowledge is career gold

English

570

Austin Baker@BakedSec·7 Kas

@HackingLZ When the red team realizes GDPR applied to them too

GIF

English

125

Justin Elze@HackingLZ·7 Kas

Just make sure you're within data retention rules :) x.com/N7WEra/status/…

N7WEra@N7WEra

The more I think about it the more I see red teams as big data game, needs to collect as much information about hosts and everything that the C2 is doing. Aggregate all data.

English

2.5K

Austin Baker 리트윗함

Elmo@elmo·5 Kas

Elmo loves you. ❤️

Sesame Street@sesamestreet

Stop scrolling, take a deep breath, and use the next few minutes to escape to a place where the air is sweet. 💛💚

English

951

18.3K

156.8K

4.1M

Austin Baker@BakedSec·31 Eki

When you have a file lock on the investigation timeline so some goober associate doesn't try to merge in their horrendously formatted system timeline into the main one while you're compiling new IOCs to track (it me, I was the goober)

U.S. Graphics Company@usgraphics

LOTO (Lock-Out-Tag-Out) cards exemplify peak analog goodness: combining a physical tag, industrial graphics, and a locking mechanism—a critical safety tool to prevent unintentional and unauthorized actions during maintenance. 🧵

English

275

Austin Baker@BakedSec·27 Eki

As Brian notes, blameless does not mean without accountability. You have to be able to say "X failed because Y team made Z choice". Blameless means you don't call out individual persons and try to ruin their lives over what is typically an honest mistake.

Brian in Pittsburgh@arekfurt

"Blameless" is a very interesting word when it comes to investigations/post-mortems.😏 There are (at least) two very different senses of it: 1. No formal punishment is imposed or fault declared, but who did what where and why are still analyzed. 2. The problem fell from the sky.

English

2.7K

Austin Baker@BakedSec·25 Eki

@dinodaizovi Granted but I think the lament of most in-the-trenches practitioners is that A. Hardening is unevenly distributed and undo effort is often placed on securing niche attack vectors (the above) and B. Traceability is then neglected or upcharged by vendors for common vectors.

English

141

Dino A. Dai Zovi@dinodaizovi·25 Eki

Good cybersecurity is possible, it is just unevenly distributed. Remember the saying that if an attacker has physical access, it's game over? If someone says it, hand them a smartcard, EMV terminal, tamper-responsive HSM, or an iPhone and ask them to extract cryptographic keys.

English

7.7K

Austin Baker@BakedSec·24 Eki

People often misunderstand opportunistic targeting (baiting) employed by threat actors. You know those signs you see stapled to a pole saying you can make XXk a month only if you call this number? Yeah, they don't need to fool you - just the person desperate enough to call them.

English

195

Austin Baker@BakedSec·24 Eki

@HackingLZ Brb making my agent to translate my slides into crudely drawn mspaint pngs

English

145

Justin Elze@HackingLZ·23 Eki

I’m not excited about any of these examples is anyone?

Min Choi@minchoi

It's only been just a day since Anthropic dropped Computer Use. And people can't stop getting creative with it to do your work. 10 wild examples:

English

5.3K

Austin Baker@BakedSec·23 Eki

@FuzzySec @domchell Man if only those bad guys hadn't lost all their scruples! :D

English

121

b33f | 🇺🇦✊@FuzzySec·23 Eki

@BakedSec @domchell Standards of operational excellence Austin

English

178

Dominic Chell 👻@domchell·22 Eki

What kind of devious person would do such a thing 👀

NCSC Director Wes Street@NCSCStreet

Foreign intelligence services routinely target people online by posing as head-hunters, consultants, government officials, academics, and researchers. Here's what an actual Direct Message approach looks like, courtesy of the Australian Security Intelligence Organization.

English

8.1K

Austin Baker@BakedSec·23 Eki

@FuzzySec @domchell Why use good pretext when bad one do?

English

237

b33f | 🇺🇦✊@FuzzySec·23 Eki

@domchell The pretext is so weak ngl, maybe they do need help

English

790

Austin Baker@BakedSec·18 Eki

The conflict between these metrics, the push and pull as the organization grows and churns, is what helps confirm for you that the ecosystem is stable - not stagnant, never stagnant. But consistently operates within the boundaries of what is "acceptable/good" for each.

English

102

Austin Baker@BakedSec·18 Eki

The best metrics strategy for security operations is to find a core set of signals (3-5) that are not all aligned with each other. How fast you close a case vs. how many cases have to be reopened. How many new detections you wrote vs. your overall SNR.

English

266

Austin Baker@BakedSec·18 Eki

First World TTRPG Problems: A cool new dark, gritty setting comes out but all your "edgy" friends are now buttoned up IT professionals and only play 5E

English

206

Austin Baker@BakedSec·16 Eki

@Hexacorn A church because when all else fails in security, pray pray pray :D

English

197

Austin Baker@BakedSec·16 Eki

@HackingLZ Same thing happening with blue side certificates. Teaching investigation techniques that are largely irrelevant to modern security operations work - which has largely moved towards working entirely in EDR/SIEM land. The cert factory needs fresh bodies for our "unfilled" 1M jobs

English

681

Justin Elze@HackingLZ·16 Eki

All of the red team courses these days, I do wonder if people are being set up for failure. It’s rarely, if ever, an entry level job and continues to become more and more about development/research as the rate at which EDR and other defensive techniques iterate is much quicker than ever before. There are several routes to buying evasive tooling, implants, and other research, but that won’t completely plug the development/research gap long term.

English

257

60.3K

Austin Baker@BakedSec·10 Eki

@h4wkst3r @XForce @MSFTBlueHat @hthackers Very cool, you will have a wonderful audience :)

English

Brett Hawkins@h4wkst3r·9 Eki

I am looking forward to presenting this @XForce research at @MSFTBlueHat and @hthackers this Fall! 🎙️

Brett Hawkins@h4wkst3r

Do you want to see how to deploy C2 payloads to Windows devices via Microsoft Intune Win32 apps AND how to detect it? Check out this @XForce research I conducted earlier this year: securityintelligence.com/x-force/detect…

English

3.8K

Austin Baker@BakedSec·8 Eki

@Hexacorn @anton_chuvakin Ah I see - thank you for clarifying :) I haven't run into one of these yet but it sounds fun :D

English

Dr. Anton Chuvakin@anton_chuvakin·8 Eki

Any reactions to this? I am trying to invent something, so context is intentionally missing.... #AlertFatigue #SOC

English

13.8K

Austin Baker@BakedSec·2 Eki

@_devonkerr_ Cybersecurity got us like:

GIF

English

Devon Kerr@_devonkerr_·2 Eki

@BakedSec People overcomplicate stuff, amirite

English

Devon Kerr@_devonkerr_·2 Eki

1. Do you have visibility? 2. Do you have capability? 3. You can’t stop what you can’t see, can you? 4. If you can see it did you stop it? 5. Did you get 3 or more “no” responses? If so, start over at 1 and do the necessary thing to get to “yes”. I have solved security.

English

1.6K

탐색

@HackingLZ @dinodaizovi @FuzzySec @domchell @elonmusk @BarackObama @taylorswift13 @cristiano