Matt Monte

@HawaiiFive0day Appreciated. Only 999,997 copies left to catch up to Britany.

Well… Guess I’m buying three copies of @networkattack’s book… again (they’re great gifts for people entering the industry)

@haxrob @ImposeCost Re: chopper. I’d argue it still fits the mold. The dev and deploy costs are essentially zero at this point, so it doesn’t matter from their perspective if caught

@haxrob @ImposeCost First, thx for reading. The hope was always to get ppl thinking, so I truly appreciate small/big disagreement.

“Network Attacks and Exploitation - A framework” feels unique in the sense that it breaks down concepts into particularly theoretical terms while not remaining too dry. I haven’t yet come across other books quite like it.

@0xAlexei I wanted to use what I now use as a twitter icon (purchased use rights on it just for that reason) with a lead title of “0wn3d” but publisher suggested it could hurt sales, esp for anyone not familiar with 1337.

@thegrugq @0xMatt What could possibly go wrong?

@0xMatt @networkattack Obviously!

One thing that @networkattack points out is that anything that can be done by authorised users can be done by hackers abusing authorised users’ access.

@1njection @armitagehacker @kevinmitnick @indi303 @DAlperovitch @OpenSecTraining @HECFBlog @jnazario Ordered

@armitagehacker - pages 10, 13, 193 @kevinmitnick - page 17 @networkattack - pages 19, 39 @indi303 - page 20 @DAlperovitch - page 27 @OpenSecTraining - pages 36, 181 @HECFBlog - pages 39, 191 @jnazario - page 46

Hey all, I wanted to do a belated #infosec #FF to celebrate a bunch of the talented hackers I mention throughout my book. We are all standing on the shoulders of others in the Comp Sci field, so it’s important to recognize the work of others around you.

@cybergibbons load “*”,8,1

@Jackson_T One of the key ?’s that got me writing in the first place was “what principles should underly policy?” Glad you found the book useful.

Using principles from @networkattack's CNE framework (as an example), we can develop "tradecraft policies" to represent various engagement types. These can be used to cross-check our intuition and defend the decisions we make with reasons.

Thank you for attending my @x33fcon talk on using OODA loops to evade EDRs. Slides and write-up are available here: jackson-t.ca/ooda-loops.html. For those that missed it or want a lossy recap, check out the thread below. 🧵👇 (1/12)

@svcghost @Jackson_T Thx. Always nice to hear.

Currently reading @networkattack's _Network Attacks and Exploitation: A Framework_ and I can't put it down. I fell asleep reading it last night. Hat tip to @Jackson_T for cluing me into this book I somehow missed until this week 🙇‍♂️

I was summoned for jury duty today, and as with every other time that's happened to me, I didn't have to show up 😎 Instead, I've been sitting in the sun reading all day and it's been great

Great discussion. I appreciate how @rejectionking and @jfslowik consider the timescales involved in attacker/defender initiative.

@WylieNewmark @BuchananBen @RidT Same reaction as @BuchananBen. Thank you. And honored to be included in the company. All three try to look beyond the specific tech of the moment.

@swagitda_ Strategic and goals oriented mindset vs. tactical

Every breach, we inevitably see this kind of hindsight bias (and/or outcome bias) and failure to comprehend complex systems. Attackers think in systems, but defenders think in components. This is why the market for a single root cause festers alongside that for silver bullets.

@Kujman5000 @thegrugq As they say: Fortune favors the prepared

@thegrugq @networkattack I think it depends on the adversary. There are some groups which lean on the luck component, searching for a vuln, hoping someone clicks on a link, and there are a LOT more of them. You're right though, hubris in a single solution or entry method is a quick way to get breached.

The SolarWind backdoor was deeply integrated into the code, it was injected during their build process, and there is no way that the update server having a weak password was the pivotal factor. Like Russian Intelligence would just give up if there were a strong password instead!

@thegrugq @gannimo @gamozolabs The tech and cost are just part of determining the path of least resistance.

@gannimo @gamozolabs Those (OPSEC etc) are drivers for using 0day over phishing. It is fairly unlikely you’d want to defend forward with phishing attacks. I doubt the GRU gets hacked with email attachments! ;)

What's something about security research that you wish you knew more about?

@BrazeauSydney Thanks. Always appreciate hearing when ppl find it useful

In the series of “books I wish I’d read sooner” is @networkattack’s Network Attacks and Exploitation: A Framework. I really appreciate the solid examples and the focus on humanity throughout. amazon.com/Network-Attack…

@PenfoldDavid Appreciated

@runasand @thegrugq @networkattack Thanks for the tip. Just bought it 😎

@3141592f @runasand Starter? Usually on planes if I say “I do computer stuff” it’s a convo ender.

@runasand @RossleRed I reasoned that if someone were going to steal a car, they would steal a better car than mine... The “better car” theory of security breaks down when attacks can be automated and there is a potential positional use for every point of access.2/2

@runasand @RossleRed Context: [C]ompanies do not believe they will be targeted because they are uninteresting... I used exactly this thought process for deciding never to bother locking the doors of my first car, a machine held together by coat hangers, duct tape...1/2

I appreciate you quoting this @runasand. I first wrote it in 2014. As time passes, the idea seems to keep moving away from true in theory towards true in practice.