Breaker of software | VP R&D @hunterstrategy | CTI/DFIR | @ians_security faculty | Bookings: jake at malwarejake dot com | GSE #150 | He/him

Odenton, MD
Let's not mince words: * If you don't support trans people, you're a bad human * If you have to add caveats to your support (e.g. "as long as my kids don't see"), you're one of the worst kinds of human * Trans deserve your *unconditional* support for their humanity
Dear web developers, The answer is zero. Zero. Get it through your thick skulls. Zero is the number of times anyone has EVER wanted something to autoplay on your site and start making noise. I'd honestly rather you mine crypto-currency in my browser than use my speakers. #kthxbye
Okay, I'm just going to throw this out there, but maybe - just maybe - a vendor having the ability to change every one of their kernel drivers in the field at the same time without any approval from IT/end users is a model we need to reconsider... @CrowdStrike.
Phishing illustrated :)
Man in the Middle attack...
Not every firewall exception is a security risk...
A hacker is born...
If corporate infosec is texting a personal number, they've stepped squarely into the line of fire...
sending goatse to gift card scammers
An attacker sends a phishing email posing as infosec staff...
Can we make it a rule that this guy only gets to use single core computers from here on?
I'm showing this to the next person that asks me what security compliance looks like...
A quick reminder of why "it's only metadata" is a bad argument...
Security vendors demonstrating how their products "would stop the Uber breach."
Next, next, next gen endpoint protection.
When you're trying to type 'rm -rf *.old' but hit enter after just 'rm -rf *'
Endpoint security vs modern malware...
When your security controls are blocking you from doing legitimate work...
When there's too much fire in your firewall...
Expert threat hunter identifies a covert threat and neutralizes it.
Quick national security note: everyone on the planet now knows the US is running without a leader at the helm. Every hour the 25th Amendment isn't invoked, we're rolling the dice that a foreign threat takes advantage of the situation. This is not a game, there is no do over.
There's always that one person in every IT shop that insists on over-automating everything... (via @misslaneym)
Totally normal, definitely not a bubble, investment cycle. fortune.com/2023/06/14/mistr…
What I expect to find when an org says "please evaluate our containerized microservices deployed across a hybrid infrastructure in a multi-cloud environment..."
I actually feel bad for Zuckerberg. He and Facebook aren't exactly innocent here, but let's be clear: 1. Nobody forced ANYONE to use Facebook. 2. You didn't pay for it. 3. You were ALWAYS the product. 4. The goal was ALWAYS to sell you more ads and monetize your data. Period.
Security teams, I have good news and bad news. The good news is that executives are suddenly very interested in security controls. The bad news is, they're not interested for reasons you probably hoped when you dreamed this day might come...
Nobody* saw this coming. *Literally everyone who studies AI and automation saw this coming.
NEW: Amazon's new AI-powered cameras are penalizing delivery drivers for driving mistakes they didn't make & drivers are losing income. It's the nightmare scenario that AI experts frequently warn about. I talked to drivers about how AI is punishing them: vice.com/en/article/88npjv/a…
This boils my blood. If my social media were reviewed, there's little chance I'd be issued a US visa. Also, I'm already thinking of ways to abuse this. There's little chance foreign intelligence haven't figured out the same...
U.S. now requires nearly all visa applicants to submit their social media usernames, previous email addresses and phone numbers
When your security controls unexpectedly mitigate a previously unseen threat...
Typing your password into the username field...
The person who made the decision to push this to prod should never be allowed to work in tech again.
Network engineer: there's only one port open on the firewall, attackers will never get in! Red team: so about that one port...
When you have the endpoint protection software in monitor-only mode...
When the IT Director is "helping" with your security tasks...
Anti-vaxxers who patch their computers are f*cking hypocrites...
Attackers while the SOC is watching movies at night...
Illustrating security concepts: sure you have integrity and availability, but without confidentiality, does it really matter?
On the left, a certification ranger with 25 letters after his name trying to pentest the network. On the right, a kid with no formal education, but who spent time figuring out how to make it work *before* he tried to break it just dominating your defenses...
Why supply chain security matters...
Sharing a single CPU between VMs when the hypervisor is oversubscribed...
Unconventional security system...
Someone awesome put together a parody site offering "Hate Offsets" so you can "rainbow wash your sins away." Please RT this until it goes so viral that Cloudflare PR has to seriously answer questions about whether they actually offer "Hate Offsets." cloudflarehatecredits.org/
Next time someone asks me what it's like to work in infosec, I'm showing them this...
If @GitHub (Microsoft) truly believes copilot isn't infringing on anyone's work, I want to offer them a chance to prove it: I'll donate $50k to a charity of their choice (or @EFF if we can't agree) if they release a Copilot version trained solely on Windows kernel source. 1/
Hi. I know you’re excited about copilot. GitHub scraped your code. And they plan to charge you for copilot after you help train it further. It’s truly disappointing to watch people cheer at having their work and time exploited by a company worth billions.
Hey @lyft - is it okay for your drivers to have removed the door handles inside the vehicle so you can only be let out from the outside? Asking for a me - because this is NOT okay.
Vegas is a cesspool. Keep your head on a swivel. Look out for each other. Never leave a drink out of your sight. Some men think this is only a problem for women. It is not. Years ago (not at BH/DC) I was roofied at an industry security conference in Vegas. 1/
"Ghost job" listings are far more common than you might have guessed. This is just sickening behavior. We need regulations on this just like we have for false advertising. sfgate.com/tech/article/ghos…
DevOps, illustrated...
There's no way an attacker can make it through that one hole in our firewall...
Imagine not being able to say “the woman who called for the execution of Pelosi and believes that Jewish space lasers started wildfires should not be a lawmaker” because you’re afraid of your base. It’s just crazy.
ABC: Marjorie Taylor Greene has voiced support for executing Nancy Pelosi. Is she fit to serve? GOV. ASA HUTCHINSON: I'm not gonna answer that question as to whether she's fit to serve, because she believes in something that everybody else does not accept.
After a failure to enumerate possible attack vectors, the adversary has executed an attack abusing a feature of the system...
No, we haven't begun migrating off of Windows 7 yet, why do you ask?
Yo, Microsoft, we need to talk. This is Notepad. Literally nobody asked for this...
Renaming your food so the expense department confuses it for office supplies is peak hacking...
Sometimes the unconventional security controls work the best...
Too many negative findings from your PCI assessment? Instantly remediate your deficiencies with this one crazy trick auditors don't want you to know about!
The official Linux kernel mailing list being offline for days because it's hosted on a home Linux server that suffered a power outage is the most Linux thing ever... nitter.app/spaans/status/95099743…
"We've still got time to patch, there's no active exploit in the wild yet..."
This is Oracle actively covering up evidence of an intrusion. This is someone executing 1990's breach playbooks in 2025.
I am painfully aware it was "not quite an update" - with a .sys extension - in the \windows\system32\drivers directory - that prevented a kernel driver from functioning correctly See also: distinction without a difference...
Embedding the admin username and password in the HTML comments of your web application...
Pro tip: open a command prompt and run "ipconfig /all" then look for any IPv6 addresses that may be present. Any addresses starting with "fe80:" means that your machine is compromised and your communications are being monitored by intelligence agencies.
im honestly not even trying that hard anymore
Using all your awesome tools and zero day exploits to pwn a domain controller, only to find out that you're in a staging lab and have nowhere to go...
This_is_fine.gif
I've never seen a regression testing "fix" so elegantly illustrated...
How you know your security controls are working...
Can we PLEASE stop with the "there's 750,000 unfilled cybersecurity jobs in the US?" I don't care what the "official" numbers are because it's certainly not reflective of the job market.
Deploying a firewall that allows all traffic outbound...
This is fantastic. Anyone using a coding "interview assignment" in production deserves this and so much more... H/T:@TProphet who I unfortunately can't RT
Firewall where the first rule is "ip any any"
"Software glitch"
A software glitch at Deutsche Bank has for almost a decade prevented some potentially suspicious transactions from being flagged to law enforcement authorities, Germany’s biggest bank has discovered. ft.com/content/d537f416-7c71…
I cannot believe I risked my personal safety repeatedly for a country on the verge of voting itself into fascism. I don't regret my service - I just can't believe this is where we are. Legit speechless.
Fuck everything about this. @HiltonHotels - get your people in line. Treating hackers with this level of disrespect is a bold move (TM). Looking forward to your official public written apology.
i’m sorry what the actual fuck
Tell me there's REALLY bad news coming without telling me...
NEW - 23andMe's entire board resigns, leaving founder Anne Wojcicki, sister of deceased YouTube CEO Susan Wojcicki, as the sole surviving board member.
Always have healthy skepticism when reviewing logs. Things aren't always as they seem...
DOGE is a bigger threat to US federal government information systems than China. If you find this statement controversial, I'm going to question your IT and cybersecurity credentials.
When that incident response ends up being a false positive...
Covert channel netcat.
Imagine dismissing anyone with legitimate security and privacy concerns as being "screeching voices of the minority." When engaging these people, let's not pretend they're interested in dialogue. They know better than you and nothing will change that. Do NOT plan for discourse.
Whatever this guy is training for, I'm betting the job description reads like a lot of infosec: Entry level position, requires 10 years experience with 5G technology, CISSP, strong baking skills, 10x engineer qualification, CEH strongly preferred.
So then @deviantollam just let himself in...
Extremely impressive OSINT work.
This is the greatest TikTok I’ve seen this year … I would watch this as a series on Netflix
When there's not enough space on the server, so you zip up someone else's files to make space for your data...
The containment phase of incident response when you've got a worm in the network.
With @Snowden book coming out, I'm hearing multiple respected people in the industry say "the domestic programs were wrong, I just don't agree with how he released the data." I get where these people are coming from, but let's examine why this is a hollow argument. 1/
Security controls not aligned with adversary capabilities...
If this is the way the Parler hack actually went down, it’s a fantastic case study in cascading security failures.
Management "helping" with an incident...
Hey infosec: remember that your job is risk reduction, not risk elimination. There's a BIG difference.
There's more than one way to bypass a firewall...
Embedding an executable in a word document and delivering it as an email attachment...
When you have a master's degree in computer science and find out that the entry level jobs in infosec you qualify for are things like "monitor DLP for alarms"
When your attacker is better than your threat model...
I've had more than a few people note that I'm posting some "political content" and they want to only see cybersecurity. Neat, but: 1. I'm a whole person, not a robot 2. I will always speak truth to power, party be damned 3. I will use my platform for social good 4. Unfollow me?
When a user clicks on a malicious PDF, it crashes Acrobat Reader, and then the user forwards it to all their coworkers "to see if it opens correctly on their machine"
Learning Python in the most dangerous way possible...
Beginning the response and learning the incident has not been properly scoped...
Laugh all you want about this, but most modern business runs on Windows. Teaching your kids "computer literacy" without teaching them Windows is like bragging your kid is fluent in Pig Latin when they can't read normal English.