Breaker of software | VP R&D @hunterstrategy | CTI/DFIR | @ians_security faculty | Bookings: jake at malwarejake dot com | GSE #150 | He/him

Odenton, MD
Let's not mince words: * If you don't support trans people, you're a bad human * If you have to add caveats to your support (e.g. "as long as my kids don't see"), you're one of the worst kinds of human * Trans deserve your *unconditional* support for their humanity
315
233
1,778
Dear web developers, The answer is zero. Zero. Get it through your thick skulls. Zero is the number of times anyone has EVER wanted something to autoplay on your site and start making noise. I'd honestly rather you mine crypto-currency in my browser than use my speakers. #kthxbye
561
10,304
39,135
Okay, I'm just going to throw this out there, but maybe - just maybe - a vendor having the ability to change every one of their kernel drivers in the field at the same time without any approval from IT/end users is a model we need to reconsider... @CrowdStrike.
337
2,120
18,845
2,071,878
Phishing illustrated :)
90
2,799
8,574
Man in the Middle attack...
58
1,040
7,451
Not every firewall exception is a security risk...
50
1,398
5,349
A hacker is born...
60
1,365
4,340
If corporate infosec is texting a personal number, they've stepped squarely into the line of fire...
sending goatse to gift card scammers
42
365
3,878
442,307
An attacker sends a phishing email posing as infosec staff...
35
1,295
4,009
Can we make it a rule that this guy only gets to use single core computers from here on?
143
286
3,863
I'm showing this to the next person that asks me what security compliance looks like...
122
1,077
3,717
A quick reminder of why "it's only metadata" is a bad argument...
49
648
3,541
Security vendors demonstrating how their products "would stop the Uber breach."
43
517
3,461
Next, next, next gen endpoint protection.
206
1,170
3,313
When you're trying to type 'rm -rf *.old' but hit enter after just 'rm -rf *'
101
889
3,279
Endpoint security vs modern malware...
52
571
3,233
When your security controls are blocking you from doing legitimate work...
36
1,064
3,137
When there's too much fire in your firewall...
141
1,088
2,879
Expert threat hunter identifies a covert threat and neutralizes it.
70
1,289
2,922
Quick national security note: everyone on the planet now knows the US is running without a leader at the helm. Every hour the 25th Amendment isn't invoked, we're rolling the dice that a foreign threat takes advantage of the situation. This is not a game, there is no do over.
78
569
2,664
There's always that one person in every IT shop that insists on over-automating everything... (via @misslaneym)
75
979
2,902
Totally normal, definitely not a bubble, investment cycle. fortune.com/2023/06/14/mistr…
57
366
2,555
323,819
What I expect to find when an org says "please evaluate our containerized microservices deployed across a hybrid infrastructure in a mulit-cloud environment..."
42
811
2,666
I actually feel bad for Zuckerberg. He and Facebook aren't exactly innocent here, but let's be clear: 1. Nobody forced ANYONE to use Facebook. 2. You didn't pay for it. 3. You were ALWAYS the product. 4. The goal was ALWAYS to sell you more ads and monetize your data. Period.
154
1,423
2,676
Security teams, I have good news and bad news. The good news is that executives are suddenly very interested in security controls. The bad news is, they're not interested for reasons you probably hoped when you dreamed this day might come...
15
266
2,594
72,469
Nobody* saw this coming. *Literally everyone who studies AI and automation saw this coming.
NEW: Amazon's new AI-powered cameras are penalizing delivery drivers for driving mistakes they didn't make & drivers are losing income. It's the nightmare scenario that AI experts frequently warn about. I talked to drivers about how AI is punishing them: vice.com/en/article/88npjv/a…
26
686
2,282
This boils my blood. If my social media were reviewed, there's little chance I'd be issued a US visa. Also, I'm already thinking of ways to abuse this. There's little chance foreign intelligence haven't figured out the same...
U.S. now requires nearly all visa applicants to submit their social media usernames, previous email addresses and phone numbers
165
705
2,253
When your security controls unexpectedly mitigate a previously unseen threat...
21
447
2,373
Typing your password into the username field...
40
1,047
2,398
The person who made the decision to push this to prod should never be allowed to work in tech again.
26
252
2,360
110,731
Network engineer: there's only one port open on the firewall, attackers will never get in! Red team: so about that one port...
36
703
2,365
When you have the endpoint protection software in monitor-only mode...
28
506
2,385
When the IT Director is "helping" with your security tasks...
39
499
2,348
Anti-vaxxers who patch their computers are f*cking hypocrites...
29
567
2,230
Attackers while the SOC is watching movies at night...
36
784
2,383
Illustrating security concepts: sure you have integrity and availability, but without confidentiality, does it really matter?
61
352
2,246
On the left, a certification ranger with 25 letters after his name trying to pentest the network. On the right, a kid with no formal education, but who spent time figuring out to make it work *before* he tried to break it just dominating your defenses...
49
599
2,180
Why supply chain security matters...
54
610
2,112
Sharing a single CPU between VMs when the hypervisor is oversubscribed...
21
659
2,115
Unconventional security system...
66
446
2,113
Someone awesome put together a parody site offering "Hate Offsets" so you can "rainbow wash your sins away." Please RT this until it goes so viral that Cloudflare PR has to seriously answer questions about whether they actually offer "Hate Offsets." cloudflarehatecredits.org/
18
696
1,797
Next time someone asks me what it's like to work in infosec, I'm showing them this...
32
464
2,064
If @GitHub (Microsoft) truly believes copilot isn't infringing on anyone's work, I want to offer them a chance to prove it: I'll donate $50k to a charity of their choice (or @EFF if we can't agree) if they release a Copilot version trained solely on Windows kernel source. 1/
Hi. I know you’re excited about copilot. GitHub scraped your code. And they plan to charge you for copilot after you help train it further. It’s truly disappointing to watch people cheer at having their work and time exploited by a company worth billions.
37
573
1,995
Hey @lyft - is it okay for your drivers to have removed the door handles inside the vehicle so you can only be let out from the outside? Asking for a me - because this is NOT okay.
55
114
1,928
262,498
Vegas is a cesspool. Keep your head on a swivel. Look out for each other. Never leave a drink out of your sight. Some men think this is only a problem for women. It is not. Years ago (not at BH/DC) I was rufied at an industry security conference in Vegas. 1/
88
688
1,974
"Ghost job" listings are far more common than you might have guessed. This is just sickening behavior. We need regulations on this just like we have for false advertising. sfgate.com/tech/article/ghos…
72
594
1,997
219,790
DevOps, illustrated...
37
692
2,024
There's no way an attacker can make it through that one hole in our firewall...
27
392
1,995
Imagine not being able to say “the woman who called for the execution of Pelosi and believes that Jewish space lasers started wildfires should not be a lawmaker” because you’re afraid of your base. It’s just crazy.
ABC: Marjorie Taylor Greene has voiced support for executing Nancy Pelosi. Is she fit to serve? GOV. ASA HUTCHINSON: I'm not gonna answer that question as to whether she's fit to serve, because she believes in something that everybody else does not accept.
77
461
1,709
After a failure to enumerate possible attack vectors, the adversary has executed an attack abusing a feature of the system...
28
288
1,941
204,883
No, we haven't begun migrating off of Windows 7 yet, why do you ask?
42
474
1,926
Yo, Microsoft, we need to talk. This is Notepad. Literally nobody asked for this...
81
163
1,974
139,081
Renaming your food so the expense department confuses it for office supplies is peak hacking...
25
354
1,890
Sometimes the unconventional security controls work the best...
30
339
1,892
Too many negative findings from your PCI assessment? Instantly remediate your deficiencies with this one crazy trick auditors don't want you to know about!
30
470
1,898
The official Linux kernel mailing list being offline for days because it's hosted on a home Linux server that suffered a power outage is the most Linux thing ever... nitter.app/spaans/status/95099743…
26
799
1,786
"We've still got time to patch, there's no active exploit in the wild yet..."
17
523
1,856
This is Oracle actively covering up evidence of an intrusion. This is someone executing 1990's breach playbooks in 2025.
21
132
1,899
117,596
I am painfully aware it was "not quite an update" - with a .sys extension - in the \windows\system32\drivers directory - that prevented a kernel driver from functioning correctly See also: distinction without a difference...
9
51
1,772
118,171
Embedding the admin username and password in the HTML comments of your web application...
27
676
1,712
Pro tip: open a command prompt and run "ipconfig /all" then look for any IPv6 addresses that may be present. Any addresses starting with "fe80:" means that your machine is compromised and your communications are being monitored by intelligence agencies.
im honestly not even trying that hard anymore
95
189
1,745
405,468
Using all your awesome tools and zero day exploits to pwn a domain controller, only to find out that you're in a staging lab and have nowhere to go...
35
401
1,734
This_is_fine.gif
16
171
1,731
236,368
I've never seen a regression testing "fix" so elegantly illustrated...
16
771
1,691
How you know your security controls are working...
41
268
1,682
Can we PLEASE stop with the "there's 750,000 unfilled cybersecurity jobs in the US?" I don't care what the "official" numbers are because it's certainly not reflective of the job market.
93
153
1,659
344,624
Deploying a firewall that allows all traffic outbound...
62
405
1,653
This is fantastic. Anyone using a coding "interview assignment" in production deserves this and so much more... H/T:@TProphet who I unfortunately can't RT
20
288
1,621
Firewall where the first rule is "ip any any"
15
425
1,629
"Software glitch"
A software glitch at Deutsche Bank has for almost a decade prevented some potentially suspicious transactions from being flagged to law enforcement authorities, Germany’s biggest bank has discovered. ft.com/content/d537f416-7c71…
103
395
1,428
I cannot believe I risked my personal safety repeatedly for a country on the verge of voting itself into fascism. I don't regret my service - I just can't believe this is where we are. Legit speechless.
66
81
1,504
88,665
Fuck everything about this. @HiltonHotels - get your people in line. Treating hackers with this level of disrespect is a bold move (TM). Looking forward to your official public written apology.
i’m sorry what the actual fuck
73
202
1,572
275,233
Tell me there's REALLY bad news coming without telling me...
NEW - 23andMe's entire board resigns, leaving founder Anne Wojcicki, sister of deceased YouTube CEO Susan Wojcicki, as the sole surviving board member.
15
170
1,519
83,635
Always have healthy skepticism when reviewing logs. Things aren't always as they seem...
13
443
1,576
DOGE is a bigger threat to US federal government information systems than China. If you find this statement controversial, I'm going to question your IT and cybersecurity credentials.
126
189
1,653
94,130
When that incident response ends up being a false positive...
34
480
1,564
Covert channel netcat.
18
333
1,517
Imagine dismissing anyone with legitimate security and privacy concerns as being "screeching voices of the minority." When engaging these people, let's not pretend they're interested in dialogue. They know better than you and nothing will change that. Do NOT plan for discourse.
44
340
1,430
Whatever this guy is training for, I'm betting the job description reads like a lot of infosec: Entry level position, requires 10 years experience with 5G technology, CISSP, strong baking skills, 10x engineer qualification, CEH strongly preferred.
83
373
1,508
So then @deviantollam just let himself in...
29
303
1,482
Extremely impressive OSINT work.
This is the greatest TikTok I’ve seen this year … I would watch this as a series on Netflix
26
196
1,514
193,739
When there's not enough space on the server, so you zip up someone else's files to make space for your data...
23
406
1,485
The containment phase of incident response when you've got a worm in the network.
36
417
1,462
With @Snowden book coming out, I'm hearing multiple respected people in the industry say "the domestic programs were wrong, I just don't agree with how he released the data." I get where these people are coming from, but let's examine why this is a hollow argument. 1/
54
497
1,449
Security controls not aligned with adversary capabilities...
52
313
1,479
If this is the way the Parler hack actually went down, it’s a fantastic case study in cascading security failures.
42
378
1,412
Management "helping" with an incident...
11
276
1,449
119,519
Hey infosec: remember that your job is risk reduction, not risk elimination. There's a BIG difference.
48
224
1,428
There's more than one way to bypass a firewall...
17
685
1,428
Embedding an executable in a word document and delivering it as an email attachment...
24
536
1,392
When you have a master's degree in computer science and find out that the entry level jobs in infosec you qualify for are things like "monitor DLP for alarms"
52
258
1,397
When your attacker is better than your threat model...
18
492
1,400
I've had more than a few people note that I'm posting some "political content" and they want to only see cybersecurity. Neat, but: 1. I'm a whole person, not a robot 2. I will always speak truth to power, party be damned 3. I will use my platform for social good 4. Unfollow me?
60
77
1,309
When a user clicks on an malicious PDF, it crashes Acrobat Reader, and then the user forwards it to all their coworkers "to see if it opens correctly on their machine"
17
432
1,396
Learning Python in the most dangerous way possible...
57
483
1,389
Beginning the response and learning the incident has not been properly scoped...
83
263
1,336
218,970
Laugh all you want about this, but most modern business runs on Windows. Teaching your kids "computer literacy" without teaching them Windows is like bragging your kid is fluent in Pig Latin when they can't read normal English.
81
105
1,349
99,600