Andy Grant

Over time, I have developed a bit of a reputation for saying no to external work for my teams. At least that's how people describe it. But I realized what I actually do is shape the work, often before it even arrives. andywgrant.substack.com/p/its-more-tha…

When I left consulting, I didn’t want to run another box-checking pentest factory. I wanted to build a program that hunts truths instead of bugs. This is the philosophy behind the intuition-driven offensive security program. andywgrant.substack.com/p/intuition-dr…

I discovered a zero-click vulnerability in macOS Calendar that allowed attackers to add/delete files in the Calendar sandbox. This could lead to code execution and compromise iCloud Photos data. (Now fixed). More details on my blog: mikko-kenttala.medium.com/zero-click-cal… #macOS #infosec

@0xdade @tqbf Could it be @joegrand’s “cracking” of a bitcoin wallet password by reverse engineering the password generator used? Really awesome work! grandideastudio.com/portfolio/secu… wired.com/story/roboform…

@tqbf This seems like something I would have seen from you, or that you'd otherwise know about. I remember seeing a story about cracking someone's password hash from like... 30? 40? 50? years ago and how it still hadn't been properly cracked but that someone found a collision

@KillrBunn3 @DianaInitiative Fantastic talk! And I really enjoyed your presentation style. You have great command of tone/pitch modulation for drawing the audience into and then emphasis of your points.

Thanks for coming to my talk folks! Here's the slides, as promised: killrbunn3.com/ai-and-disinfo… #TDI2024 @DianaInitiative

Stoked to announce our first mini-#OBTS: "Objective for the We" v1.0 This *free* event offers trainings & talks to students and those interested in learning more about Apple (in)security! 🍎👾 🗓️ May 9 - 10 📍 San Francisco To learn more and to apply: #oftw" target="_blank" rel="nofollow noopener">objective-see.org/we.html#oftw

@mubix Paraphrasing a Manager of Product Security, “you cheated by encrypting the chicken-beak symbol”. We made at tshirt out of it (ascii art chicken but with < where the beak should be)

What is the dumbest thing you ever heard in a pentest/red team/security assessment/incident response report out? I’ll go first: “But if we turn WiFi broadcasting back on then anyone from anywhere in the world can connect to our corporate WiFi….”

@BillDemirkapi Congrats!!

Been a wild four years, but I'm finally done 🥲

@mubix iSEC Partners

Asking for a friend, what are some of your favorite Pentest / Red Team firms? Totally valid to say one that you have worked with or for now or in the past. Just trying to get some recommendations of options that people respect.

@Jhyp3 Must be a quote from Spiderverse 3: Simba’s MCU Phase

“Aren’t you worried about AI taking over???” >Me thinking about that time I asked ChatGPT for Spider-Man quotes and it was like “everything the light touches…. Is our kingdom”

@dyn___ @Laughing_Mantis @wdormann @jsrailton @spaceraccoon Reading threads is hard apparently and I see that @Laughing_Mantis WAS referencing the work by @spaceraccoon (which points to my older work) 🙃

@dyn___ @Laughing_Mantis @wdormann @jsrailton My work can be found at research.nccgroup.com/2020/05/05/exp… and research.nccgroup.com/2020/05/28/exp… and I'd encourage you to look at the solid research done by @spaceraccoon (spaceraccoon.dev/exploiting-ica…)

macOS Ventura 13.3 alters expected behavior for Finder’s Open With functionality for macOS installer packages: derflounder.wordpress.com/2023/04/01/mac…

@SentinelOne @philofishal Thanks for sharing! For a clean desktop, I like to use the following: alias hidedesk='defaults write com.apple.finder CreateDesktop -bool FALSE;killall Finder' alias showdesk='defaults write com.apple.finder CreateDesktop -bool TRUE;killall Finder'

🍎 15 of the most used power tricks for #security tasks, courtesy of #macOS security researcher @philofishal. Whether that's writing code, hunting for threats, recording malware behavior or triaging infected machines. Read this blog post: sentinelone.com/blog/15-macos-…

@jrozner Interns. Or find college programs that encourage/require their students to partner with industry folk for a final project.

What do you do when you want to do a large scale research project you want to do but aren't an academic and don't have grad students to take advantage of to farm out work to?

TL;DR: Don’t use ChatGPT for security code review. It’s not meant to be used that way, it doesn’t really work (although you might be fooled into thinking it does) by @chris_anley research.nccgroup.com/2023/02/09/sec…

@antman1P Awesome! Keep with it!

DEFCON (AUG 2022) to 1 JAN 2023. Approx 4.5 months. #RedTeamFit #WeHackHealth #Progress

SANS Institute CEO Eric Bassel presented Innovator of the Year to kick off the evening.   The Innovator of the Year Community Winner, @andywgrant! Congratulations! 👏   #SANSDMA

@SANSDefense @SANSInstitute @alexstamos @AparnaBawa Thank you!

@andywgrant @SANSInstitute @alexstamos @AparnaBawa And you kicked off the whole show with an amazing acceptance speech 👏 Well done!

Very honored to receive @SANSInstitute's DMA Innovator of the Year award tonight! Thank you to @alexstamos, David Thiel for setting my foundation; Jason Lee, @AparnaBawa for the support/enablement; and my team, for turning a dream into a reality. youtube.com/watch?v=ldV7GY…