Brian Caswell

@msuiche @binaryz0ne Running acquisition tools at the same privilege level of adversaries will always have evasions. Memory acquisition should be driven by goals and current capabilities. If in the VM is all you have, then you deal. If there is something better, you should use it.

Wish there was a clear resource out there about acquiring memory from VMs. Yes, there's many, but with lots of issues & inconsistencies. My tests were using VMWare. Did lot of converting & playing around but still. Add to that, the tools you use don't work/support all mem dumps!

@v3rtig0 Long ago, @hdmoore reached out to Aiden Hughes (@bruteprop) to design a logo for @metasploit. Perhaps it could happen again? BTW, @kmfdm is still rocking the BRUTE! aesthetic. We enjoyed seeing them live in Virginia a few weeks ago.

It's 2022 and we're still designing hacker t-shirts like a KMFDM album cover. I'm not complaining, mind you... I'm just pointing it out. I mean, how many of this new generation of hackers knows who KMFDM is, anyway? :-D

I've recently taken up a new form of martial art (armored combat). It's a unique experience to come at something as a novice again, having spent a large part of my adult life training on with my primary martial art (unarmored rapier combat).

Today, I completed my training to be a Chief Judge for the upcoming elections after serving as a Voting Judge in the primaries this summer. I'm doing my part to ensure fairly run elections, how about you?

@invisig0th @mattblaze Ditto. I have other idiosyncratic behaviors that I've not been able to shake, like double-tap escape to insert mode in vi. (thanks IRIX, for the weird key code delays)

@mattblaze I still do *exactly* this too...

My most deeply ingrained ritualistic superstition is that I will, until the day I die, always type "sync" twice before rebooting.

@Lee_Holmes @jsnover @HackingDave @Binary_Defense I highly recommend using leaner cuts for jerky. Bottom round or top round are my go-to. Reducing fat content is important if you're going to store it, as it's the fat that goes rancid first.

@jsnover @HackingDave @Binary_Defense We use bulk packs of chuck. You're looking for chewy, so no need for the filet mignon :)

At a super important meeting at @Binary_Defense - brought enough protein and EAA's for everyone. #BinaryDefense

While I get opensrc PAAS/SAAS offerings with integrated admin tools, I don't understand a per-hour premium for VMs w/ preinstalled opensrc packages where the user handles everything else. Is pre-installed DVWA worth $0.375/hour?

TIL: You can get VMs with Damn Vulnerable Web Apps pre-installed on Azure from integration vendor.

@anthonypjshaw @rushter I wrote it while OneFuzz was incubating in Microsoft Research as a proof-of-concept to demonstrate the APIs. We found it useful, so it's stayed part of the project.

@DFRWS FYI, the video is marked private.

The next video release from #DFRWSUSA2022 is for "KVMIveggur: Flexible, secure, and efficient support for self-service virtual machine introspection" from Stewart Sentanoe, Thomas Dangl, and Hans P. Reiser. Download the paper at dfrws.org youtu.be/pn_SzyHVeyw

@yarden_shafir Microsoft Defender Microsoft Defender Application Guard Guard?

Early weekend activity: name your favorite Windows product as Windows Defender ___________ Guard

Oof. This one stings. Drew had a major impact on my career as well as reevaluating how I saw myself.

@mboehme_ While I like the idea too, why let me know? I'm not Cas Cremers.

I'm tired of every day being International [EXPLITIVE] Cancer Day.

Apparently, the feds are going to make me two-dimensional today. Does this sort of scam actually work on some people?

Our team is hiring! #memoryforensics #rust #remotework careers.microsoft.com/us/en/job/1351…

@msuiche @MagnetForensics Congratulations @msuiche! It will be interesting to watch how Comae will grow now.

My classmates thought I was "too focused on the negative" when I pointed out that providing voters detailed voting receipts would enable coercion.

Multiple people in the class did not understand why our state did not provide detailed ballot receipts to voters. The instructors were not able to give a more satisfactory answer beyond "we just don't" which spurred discussion.

Today, I completed my training to become a Voting Judge in the upcoming election. I'm doing my part, are you?