Taras Kachouba🇺🇦

"You penetration test 'em so you simulate the pressure" 🗣️🔥🔥

@TonikJDK @MySimpleAss @HackingDave Epic memories 💯 We probably took this second apart from each other 🤣

@MySimpleAss @HackingDave

Throwback to one of the most epic concerts thrown at a security conference ever. 2016 - Wutang #DerbyCon

@j2k3k @anton_chuvakin “If you ain't first, you're last” -Ricky Bobby, Talladega Nights

you don’t have to be perfect, you just have to be better than the adversary

I am offering $500k in $10k grants to paint murals of the face of Iryna Zarutska in prominent US city locations Please contact katie@eoghan.com for more details Please also share this message If you would like to contribute to this fund, please contact Katie also

@P_Kallioniemi If it really was Ukraine, the only logical thing would be for Elon to sign a ceasefire immediately, give them half of Twitter, make sure he says thank you and wears a proper suit.

After X glitching all day and Elon saying that the platform was under a cyberattack, I thought they'd blame it on Europe. But it felt too crazy even for them, so I decided against posting it. Little did I know, they’re now trying to blame Ukraine.

@robertgraham There was a big push for that to happen. Many ceased operations but some continue to provide services for a terrorist state. You can research companies that are still operating in Russia here. leave-russia.org/staying-compan…

We should call upon the companies providing Twitter's DDoS defense to cancel their contracts, like CloudFlare and AWS DNS.

This person gets it. If it was Ukraine who attacked 𝕏, then we should all strive for peace by giving half of 𝕏 to Ukraine. Otherwise, the cyberwar will continue. Helping 𝕏 defend itself will just prolong the cyberwar.

@robertgraham Thank you for the layman's term explanation. If it really was Ukraine, the only logical thing would be for Elon to sign a ceasefire immediately, give them half of Twitter, make sure he says thank you and wears a proper suit.

No, massive cyberattacks cannot be traced to IP addresses in a region, any region. Such attacks flood a target with traffic from machines other than the hacker's own computer because the hacker's own internet link is slower than the victim's. To create a "massive" flood, the hacker must use other people's links. The most common source is hacked Windows machines, called a "botnet" (where "bot" means "robot"). Hackers infect tens of thousands of Windows machines with viruses across the internet (some in every country, including Ukraine). The hacker then commands all the bots to flood a single target. While each bot has a slow internet link, the combined effect of thousands can overwhelm most victims. Another source is renting cloud servers with high-speed internet connections. It takes fewer than 100 to overwhelm a target. The best are "bulletproof hosting" in Eastern Europe, often used for nefarious activities like sending spam. Here, the hacker would likely "spoof" their source IP address, hiding the servers' actual IP addresses. They could spoof addresses to make it appear the attack comes from one region, like Ukraine. Thus, Musk's claim is not how such attacks work. It has even less credibility than his claim that millions over 100 receive social security benefits.

A few interesting details from @Mandiant report on @safe wallet hack leading to @Bybit_Official breach. 1. The initial access seems to be a social engineering a developer to "help" with a Docker FinTech project, as described by @SlowMist_Team @im23pds

@MikeACollier Great picture. Thank you for sharing and your support 🇺🇦

Ohio is home to more than 45,000 Ukrainians, with Greater Cleveland hosting over a third of them. An estimated 5,000+ have resettled in Cleveland since the war began.

On Russian heritage night, does every fan get to attack the person sitting next to them? Follow @SlavaMalamud to keep up with Russian sportswashing, apparently not limited to Russia…

@SlavaMalamud @BlueJacketsNHL @Aportzline It would be completely tone deaf of @BlueJacketsNHL to proceed with this Russian Heritage Night. I wonder what @Official_NAFO thinks about this.

Holy shit, are the @BlueJacketsNHL actually holding a freaking RUSSIAN HERITAGE NIGHT? Are we serious? Can they be this tone deaf? Are they actually insane? Unreal. Absolutely, entirely, inexplicably. And nobody is asking any questions at all? @Aportzline?

I’m so sorry for anyone that plays against me this weekend at airsoft 😂😂😂

@PeterSchiff @VivekGRamaswamy Can you tell him to put a shirt on? He's scaring all the chicks away.

Look who I ran into this afternoon on the beach in Dorado, Puerto Rico. @VivekGRamaswamy

@ErikExplains @vxunderground If it smells like a duck, quacks like a duck, it's probably a duck 🦆

@vxunderground As an American, I've noted that whenever the “intelligence community” identifies the malfeasants behind some cyberattack or other, it's somehow, always, mysteriously the enemy du jour they've been propagandizing against. I don't see why Russia would be any different.

@SwiftOnSecurity As a cybersecurity consultant, I've seen the chaos firsthand when logs aren't where you expect them in a crisis... it's like doing a maze blindfolded

@robertgraham The Middle East would be more fitting for Ohio in my opinion.

It wasn't until about 1890 that Ohio was now "east" of the center of the country instead of "west". It's still solidly "mid". census.gov/data/tables/ti…

🚨NEW: @SECGov provides update on its X account hack, saying 2FA had been disabled for around 6 months prior to the hack. "While multi-factor authentication (MFA) had previously been enabled on the @SECGov X account, it was disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account. Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9. MFA currently is enabled for all SEC social media accounts that offer it." The SEC also confirmed that it was indeed a "SIM swap" that occurred and the unauthorized party gained access to the phone number via the telecom carrier, not via SEC systems. Full statement 👇 sec.gov/secgov-x-accou…

@HackingDave Congrats on the release! I really dig the UI and it's great to see more focus in the space of detection engineering!

Huge news! Years of development finally coming to our release of our new Detection Platform. #TrustedSec

@HackingDave @vxunderground @TrustedSec Love this. Mad props to @HackingDave. This is a fantastic collaboration and an awesome group of individuals all the way around. Thanks for all you do for the community!

@vxunderground @TrustedSec Aww, appreciate all of this VX! ♥️ You all are truly doing amazing things there, our team values the resources you provide and the insight you have. This is a THANK YOU for all that you do for @TrustedSec, but the industry as a whole. Great group of folks and team there.

.@TrustedSec has repeatedly spoken out about the importance of giving back, helping others, and making an impact on the community - whether it be them donating to educational programs to schools, creating cybersecurity conferences designed to make a positive impact on the community, sponsoring local events, or donating to people, giving away items, etc. We spoke with @HackingDave - he has offered us invaluable resources to aid us in our growth, given us insight into potential ways we can expand (while remaining free, vx-underground will remain free forever). TrustedSec is also now our largest sponsor. Thank you Dave Kennedy and friends at TrustedSec for making an impact and doing everything that you do. It is wholeheartedly appreciated it.

CISA Announces New Release of Logging Made Easy A free and open log management and monitoring solution to help target rich/resource poor organizations leverage key data to more effectively detect and mitigate intrusions. cisa.gov/news-events/ne…