Haunting as a Service 👻 @darrenpmeyer@infosec.exchange

Interesting range of responses, from "0-day is zero days since exploit (using the vuln burns the 0-day, and it's not a 0-day anymore)" to "0-day is zero days of prior disclosure to vendor before release" to "0-day is zero days of fix/patch availability"

I "grew up with" the strictest of those — a 0-day is something no one but the attacker is aware of; once it's out, it maybe WAS a 0-day but isn't anymore

Current debate: what qualifies a vuln as "0-day"? After hearing someone use it in a way that surprised me, I asked 3 others and got 4 new answers, so…

What's your definition of "0-day"?

Boosts for wide sampling appreciated

You don't need that kind of risk methodology in most cases. In fact, I'd argue that it will usually do more harm than good. What you need isn't usually to quantify your risk, it's:

• identify your security priorities

• have a sound, defensible business case for your security spending

The actuarial definition of risk (an annualised expectation of loss that's single loss amount • annual frequency) is a bit of an albatross around the neck of most infosec practice

Very few orgs are going to have the data or discipline to even use it, so they make guesses. Guesses create (sometimes extreme) bias, while the air of "using a formula" hides those biases

Anyone know good cloud threat intel/red team/threat hunter type folks? I might have an interesting job lead for that.

It is through DayQuil alone that I set my mind in motion
It is through the syrup of Pharma that nose acquires breath
The breath allows for thinking
The thinking is adequate
It is through DayQuil alone that I set my mind in motion

Talking to some friends in the industry today and it became clear to me that there are still places that don't have a technical leadership track. If you grow past senior, you're pushed into management

That's a colossal waste

It bothers me that in the 24th Century we have the capability to travel and send massive amounts data at speeds far faster than light, and yet Starfleet can't seem to avoid whole-ship com systems outages on the reg

I use both Google Chrome and Alfred for macOS, and I often need to make a Markdown-format link to a page. So I made an Alfred Workflow to do that

Type `mdlink` in Alfred and it pastes a Markdown-style link using the title and URL of Chrome's frontmost tab

`.alfredworkflow` file is available in the Releases area here: https://github.com/darrenpmeyer/alfred-chrome-current_tab_link

I'm hiring at least 4 application security engineers. You a decent #pentester, know your way around Ghidra or IDA, programmer who groks security stuff, or OS expert? Wanna break security software? Want your findings to actually get fixed? This could be your thing, DM me!

Fully remote-first, distributed team and company, solid comp and benefits

#getfedihired #jobs #appsec #infosec

I forgot how much I missed the challenge of learning a new job. It's a lot of work, but it's so satisfying. Every day has something where I get to go "ooh, neat!"

Hey remember reading books for fun? Me either. Sincerely, someone who has way too much work-related reading

Printing from macOS directly to an IPP-capable printer, using the vendor's sanctioned driver stack: works about 20% of the time.

Printing from macOS to a Linux-based CUPS server using opensource drivers for that printer (but still talking to the printer over WiFi): works 95% of the time.

Figures

I'm #hiring another Senior #AppSec engineer at CrowdStrike. This role focuses on assessing the security of various on-device sensors, including threat modeling, testing, and code review. Knowledge of OS internals is a huge plus, especially macOS or Linux. #getfedihired #nowhiring

https://crowdstrike.wd5.myworkdayjobs.com/crowdstrikecareers/job/USA---Remote/Sr-Application-Security-Engineer---Sensor--Remote-_R3238