home.social

#firstcon23 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #firstcon23, aggregated by home.social.

  1. Slightly behind on announcements 📢

    #FIRSTCON23 may be over, but we still have content to share! Tune in this #FIRSTFriday for Diamond sponsor, @Cisco’s First Time Attendee guest Blog article: ow.ly/2ROl50P8IvK + @Cisco’s CSIRT CTO, Vinay Bansal’s #FIRSTImpressions interview here: media.first.org/podcasts/FIRST

  2. Been editing a bunch of podcasts from #FIRSTCON23. Great collection of smart people… Can't wait for the podcasts to be released.

  3. Did you miss #FIRSTCON23? Have no fear; the #FIRSTImpressions podcast is here! Check out the newest episode to learn about the critical role #PSIRT plays in Customer Trust, Adoption, and Renewal from con speakers, Kevin Hagopian and Emer O’Neill. ow.ly/IXa950OZIQB

  4. #DNS #zip TLD fun facts.

    There are about 14,000 names in the .zip zone.

    un.zip is not in the zone, but it is reserved and you can't register it.

    bidenleak.zip and trumpleak.zip were both registered on May 13 seemingly at the same time by the same registrant, and are currently parked.

    There are dozens of names that have "install" in the first label, those might be good ones for a rainy day analysis.

    dataplane.zip has a secret message if you can find it (some did at #FIRSTCON23).

    Some .zip names aren't cheap. For example, boston.zip is currently available, but it'll cost ya.

  5. What digital threats exist in a country where there is nothing to be gained from #Ransomware and #Crypto #fraud?

    I had the opportunity to speak with the head of the Malawi #CERT. #Malawi is one of the poorest countries in the world, yet the government is betting on digitalization. However, there are no skilled professionals for #ICT #security.

    Arresting perpetrators is often impossible, because they are already sitting in truly terrible prisons.

    heise.de/hintergrund/IT-Sicher

    #FIRSTcon23 #FIRST #Armut #Afrika

  6. The Forum of Incident Response and Security Teams (#FIRST) is proud to announce the official release of #CVSS v4.0 #ThePublicPreview. The latest information on CVSS v4.0 can be found at first.org/cvss/v4-0/ #FIRSTCON23

  7. "Prevention without pursuit is toothless, but
    pursuit without prevention is endless"

    #FIRSTCON23

  8. Final presentation of #FIRSTCON23.

    Chris Lynam, Director General of the National Cybercrime Coordination Centre (NC3)

    The integrated role of law enforcement in cyber is critical. We are all responsible for reducing the harm and effects of Cybercrime on the public.

  9. I have seen a lot of infosec.exchange links in #FIRSTCON23 presentations, almost no Twitter

  10. Scope of Cyber Hygiene Hunting
    "Pyramid of Gain for Cyber Hygiene Hunting"

    #FIRSTCON23

  11. Cyber Hygiene Hunting - A continuous / proactive approach to identification of risks that may cause future intrusion.

    IoC (Indicator of compromise) - past looking vs EoC (Enabler of compromise) - future looking

    #FIRSTCON23

  12. SBOM is only the beginning. Product Bill of Materials is the next step.

    #FIRSTCON23

  13. When you go to RFP, you should be asking these questions to get confirmation the vendor is doing the right thing.

    #FIRSTCON23

  14. @ChrisJohnRiley There's actually 12 pillars, if you want to talk about necessary, sufficient & complete security.

    They arrange such that you can't have any consequent pillar without its antecedents.

    See dx.doi.org/10.13140/RG.2.2.126

    Perhaps let CMU SEI know :)

    #FIRSTCON23 #CyberAttack #InfoSec #CyberSec

  15. Starting off the last day of the conference with "The four pillars of Cybersecurity" by Laurie Tyzenhaus (CERT CC)

    #FIRSTCON23

  16. Big shoutout to everyone who attended my lightning talk; “My Insta Turned Into a Honeypot”, at #firstcon23. I had a blast running through 105 slides in 5 minutes. Thanks for giving me a lot of energy! 🙏🏻

    #scammers #honeypot #instagram #firstdotcom #montreal
    @Instagram @firstdotorg

  17. A new open source tool to check the integrity of an iPhone without jailbreaking it. Great work from @ddurvaux @aaronkaplan and Emilien.

    #DFIR #FIRSTCON23

    github.com/EC-DIGIT-CSIRC/sysd

  18. The Female Conversation – Empowering Women in IR and CI

    When your job description asks for a security 'ninja' or similar, you're sending the wrong signal for women and diverse candidates.

    first.org/conference/2023/prog

    #FIRSTCON23

  19. Today's Keynote: Why Gender Diversity is Better Security, is full of well thought out and clear information on why we should ALL think more about how we can support and encourage diversity in all areas of life.

    w/ Allison Pytlak (Stimson Center, CA); Dr. Nina Kollars (Department of Defense, US)

    #FIRSTCON23

  20. Installs/Popularity of OSS libraries is not a good signal for trust. Typosquatting common PyPI packages using various methods.

    - PyPI Popularity based on stars ⭐
    - Copies stars from the GitHub repo you supply
    - Code you supply doesn't need to come from this repo however!

    One of several options available.

    #FIRSTCON23

  21. LOFY gang shared tools with new threat actors, but backdoored them first.
    #FIRSTCON23

  22. If you're attending #FIRSTCON23 this week, please let me know. Happy to sit down and chat with people about MVSP (mvsp.dev).

  23. @hacks4pancakes +1 it's been a few years, but for a while I was there every year and I really love the global nature, community, and quality content. Love me some #FIRSTCON23

  24. Both CPE and forcing vendors into an approach don't work.
    #FIRSTCON23