Chris Long

3.2K posts

Chris Long

@Centurion

Security @DetectionLab creator 日本語の生徒 Opinions are my own

Katılım Eylül 2010

1.3K Takip Edilen4.5K Takipçiler

Sabitlenmiş Tweet

Chris Long@Centurion·31 Eki

I've always thought that having the ability to set tripwires on arbitrary files on an endpoint would be a huge defensive advantage. Today, that is now a reality for all users of osquery in macOS: material.security/blog/protectin…

English

19.8K

Chris Long@Centurion·9 Oca

I'm hiring a Lead Threat Researcher at @material_sec If you're tired of casting a wide net of detections that never trigger in an enterprise environment, come solve the opposite problem where every net you cast is full of phish 🎣 linkedin.com/feed/update/ur…

English

452

Chris Long@Centurion·9 Kas

🎯

Aaron Francis@aarondfrancis

If you hate threads, you can check out the full article here: aaronfrancis.com/2024/an-argume… Otherwise, here we go.

ART

685

Chris Long@Centurion·29 Eki

@ItsReallyNick I used to play in tournaments in highschool! People's initial mental image of racquetball and what actual high-level play looks like are so different 😄

English

138

Nick Carr@ItsReallyNick·29 Eki

This weekend I played in the Virginia State Racquetball Championships. You are NOT looking at the new state champ. Single elimination and I lost in the first round. 😭 But, ya know, this sweet quarter zip doesn’t say shit about that. 🫠 ya know “man in the arena” and all that.

English

2.9K

Chris Long@Centurion·28 Eki

I’m so glad it’s not just me

Thomas H. Ptacek@tqbf

The JQ CLI should just BE a ChatGPT client, so there's no pretense of actually understanding this syntax. Cut out the middleman, just look up what I'm trying to do, for me.

English

638

Chris Long@Centurion·25 Eki

@wilcosec Push notifications are subject to push/MFA bombing attacks: beyondtrust.com/resources/glos… Phishing-resistant authentication factors such as passkeys, hardware tokens, or authenticator apps are all better alternatives

English

101

Taylor W@wilcosec·25 Eki

@Centurion Hmm, I’m late to this game- what should we be doing instead of push MFA?

English

Chris Long@Centurion·25 Eki

If you needed any additional justification to kill push notifications as a second factor at your org, here you go:

English

1.9K

Chris Long retweetledi

spencer@techspence·22 Eki

From Microsoft’s digital defense report, ransomware section. Unmanaged devices is literally crippling organizations

spencer@techspence

Securing windows endpoints is a full-time job...

English

119

849

107.3K

Chris Long@Centurion·21 Eki

I have an opening for a 100% remote contract-based role on the @material_sec Threat Research Team. linkedin.com/feed/update/ur…

English

300

Chris Long retweetledi

follow @bencollins on bluesky@oneunderscore__·11 Eki

theatlantic.com/technology/arc…

follow @bencollins on bluesky tweet media

ZXX

247

4.8K

41.2K

2.3M

Chris Long@Centurion·9 Eki

I just assume I'm being shelled every time this pops up

English

2.7K

Chris Long retweetledi

Buck Shlegeris@bshlgrs·30 Eyl

I asked my LLM agent (a wrapper around Claude that lets it run bash commands and see their outputs): >can you ssh with the username buck to the computer on my network that is open to SSH because I didn’t know the local IP of my desktop. I walked away and promptly forgot I’d spun up the agent. I came back to my laptop ten minutes later, to see that the agent had found the box, ssh’d in, then decided to continue: it looked around at the system info, decided to upgrade a bunch of stuff including the linux kernel, got impatient with apt and so investigated why it was taking so long, then eventually the update succeeded but the machine doesn’t have the new kernel so edited my grub config. At this point I was amused enough to just let it continue. Unfortunately, the computer no longer boots. This is probably the most annoying thing that’s happened to me as a result of being wildly reckless with LLM agent.

English

146

448

5.1K

722.8K

Chris Long@Centurion·25 Eyl

This is a hill I'll die on

SwiftOnSecurity@SwiftOnSecurity

Hot take: With the deprecation of browser exploits being widely deployed or effective, a phishing test must obtain at least part of the authentication flow for you to truly fail it.

English

820

Chris Long retweetledi

Danielle Belardo, MD@DBelardoMD·25 Eyl

Heartbroken after seeing a young patient with no medical history, end up with a BIFFL GRADE II dissection of the vertebral artery and subsequent acute PICA infarct immediately after a neck adjustment from the chiropractor. This has to stop. Chiropractors - you HAVE to stop.

English

1.5K

6.4K

56.8K

5.8M

Chris Long@Centurion·22 Eyl

The company that helps you opt-out of everything had to walk back automatically opting people into it’s AI processing feature

English

429

Chris Long retweetledi

Aric Toler@AricToler·13 Eyl

So, Google is killing its cache (which was amazingly useful), and replacing it with a third-party solution of linking to the Internet Archive. I really hope the Internet Archive is being paid -- and paid a lot -- for this.

Google SearchLiaison@searchliaison

We know many people, including those in the research community, value seeing previous versions of webpages when available. That’s why beginning today, we're adding links to the Internet Archive's Wayback Machine to our "About this result" panel, to give people quick context and make this helpful information easily accessible through Search. To access archive links, click on the three dots next to a search result. In the window that appears, click on the "More about this page" button, then look for the "See previous versions on Internet Archive's Wayback Machine" link. It will take a day or so for this to fully roll out and be available for those searching in 40 different languages. Learn more about how "About this result" works and other information it offers here: support.google.com/websearch/answ…

English

4.5K

33.4K

976.1K

Chris Long@Centurion·13 Eyl

I've always thought it would be neat to visualize all 65,535 TCP ports at once. For example, a portscan would probably look pretty neat. 30 minutes and bit of back and forth with o1-preview got me a working app. 2 portscans visualized: one using sequential scans, one not

English

1.4K

Chris Long@Centurion·10 Eyl

> Of course the utilities aren't passing the cost savings on to consumers yet, but they'll have to eventually As a PGE customer, I want to believe, but "lowering electricity prices" is a pretty foreign concept to them

English

392

Chris Long@Centurion·30 Ağu

Very appreciative that these folks are largely sidetracked playing global financial CTF

Microsoft Threat Intelligence@MsftSecIntel

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution. Our assessment of ongoing analysis and observed infrastructure attributes this activity to Citrine Sleet. msft.it/6010l7S6w

English

3.3K

Chris Long@Centurion·26 Ağu

@AndrewMohawk @SentinelOne This is pretty rich given all the “we test our product so hard” claims they’ve been spewing in the wake of the CS outage

English

267

AndrewMohawk⁽ⁿᵘˡˡ⁾@AndrewMohawk·23 Ağu

I am so tired of EDR solutions for Mac being garbage. I support @SentinelOne cause they are marginally better than the alternatives, but getting alerts with no indicators, on hashes that cant be found, where the links go to empty pages... on default Python installs.. sucks.

English

911

Chris Long@Centurion·26 Tem

.@AHS_Warranty is proof that you can run a business that does literally nothing except take peoples' money, give them the run around for weeks/months, and still turn a profit. The bar for competition is so low the heat of the center of the earth is melting it

English

328

Keşfet

@material_sec @ItsReallyNick @wilcosec @elonmusk @BarackObama @taylorswift13 @cristiano @BillGates