Tim Medin 🇺🇦
@TimMedin
Followers
17,886
Following
586
Media
1,712
Statuses
19,804
Kerberoast Guy • @RedSiege CEO • IANS Faculty • Forbes Tech Council • Former SANS SEC560 Author, Senior Instructor • Work Req:
Longview, TX
Joined April 2008
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Merchan
• 133345 Tweets
Jean Carroll
• 114849 Tweets
Chester
• 114274 Tweets
Milli
• 98302 Tweets
Dick Cheney
• 83526 Tweets
Eagles
• 80293 Tweets
#CristinaMostraElTitulo
• 73967 Tweets
Mbappé
• 58495 Tweets
Franco Escamilla
• 53677 Tweets
Barcola
• 44041 Tweets
Packers
• 37137 Tweets
Barış Alper
• 34687 Tweets
Fraternal Order of Police
• 34244 Tweets
#FRAITA
• 28077 Tweets
Galler - Türkiye
• 24375 Tweets
SixTONES冠番組
• 18334 Tweets
Sergio Mendes
• 18112 Tweets
Go Birds
• 16946 Tweets
#الجوهره_للاهلي_ممثل_الوطن
• 16843 Tweets
VIERNES DE FURIA
• 16293 Tweets
Montella
• 15728 Tweets
Tonali
• 15501 Tweets
Deschamps
• 15312 Tweets
ايطاليا
• 14424 Tweets
Dimarco
• 12680 Tweets
Iker
• 11733 Tweets
Arda Güler
• 11047 Tweets
Saliba
• 10703 Tweets
Dembele
• 10040 Tweets
Pinned Tweet
I’ve spoken in front of large groups, small groups, technical groups, and executives. I’ve spoken all over the world. But I’m about to have my biggest test. I’m reading Fox in Socks to twenty 4-6 year olds. I’m nervous for the first time in years.
#TweetleBeetleBattleBeginsNow
12
7
231
At no point did I know what the next word was going to be.
For any of it.
124
4K
18K
Ok folks, you have failed me for not telling me I can move a process to a screen session
1. Suspend: Ctrl+z
2. Resume: bg
3. Disown: disown %1
4. Launch screen
5. Find pid: prep BLAH
6. Reparent process: reptyr ###
63
1K
3K
My team at Red Siege has written, instructed and developed some awesome training over the last year with zero involvement from me. Unfortunately, even though they don't work for SANS and I have had zero input or part in their courses, SANS has told me that unless they stop
110
124
1K
If you’ve ever wondered what “normies” think of security, here you go
Microsoft will no longer require users to enter a password to access their accounts. Instead, they'll have to use an app, a verification code or facial recognition. Check it out ⬇️
52
903
3K
25
233
1K
Some dude is all panties in a bundle because I didn’t use “basic OPSEC principles” during a presentation and revealed my city.
Look, if you can’t figure out the street address of the only Tim Medin on the planet, you need another gig.
37
21
566
1
37
577
Texas Supreme Court met via Zoom and decided that people must vote in person (no absentee).
Let that sink in.
20
144
523
Wife: If Cybersecurity awareness month had a ribbon, what color would it be?
Me: Bourbon
15
75
526
The more I use AWS the more I’m suprised everyone isn’t leaking data.
29
62
510
> Our vendor risk management has decided you are high risk because you don't have an IPS on your network or a physical security program!
Homeboy, we work from home. There is no office. There is no network infrastructure. None of this makes sense.
> But we have these
35
45
502
Got an accidental invite to a bachelor party. 100% chance I’d go. Don’t know who anyone is.
24
19
424
1
22
424
This CrowdStrike outage is a thing of nightmares. Imagine having to have to walk to each of the downed systems and manually fix it. Even worse with FDE.
I have flashbacks of Nimda and the reboot loop, but this is worse.
12
24
191
2
14
399
2
15
377
I once set my wifi password to “uppercase with no spaces”.
I thought it would be funny to tell people, “the password is ‘uppercase with no spaces’ but in lowercase and with spaces.”
It was funny for about 10 seconds.
21
34
354
Can we stop calling it the “dark web”. It is just the internet that you can’t find with google. It isn’t a separate internet.
27
77
333
If you hate the term “purple team” or “fusion team” remember why they exist. They exist because the offensive people have been crap communicators. They exist because red has shamed or humiliated blue.
Red only exists to improve blue. Anything else is a waste of time & money.
14
98
333
What a brilliant idea!
Phishious provides the ability to see how various Secure Email Gateway technologies behave when presented with phishing material.
1
96
315
Looking at individuals' .bash_history and usage of “rm” has taught me things about the users.
1. Well adjusted (as well adjust as a *nix person can be):
rm -rf blah
2. A cry for help:
rm -fr blah
3. Serial killer
rm -Rf blah
23
63
269
Client requires that we have a business continuity plan. We all work from home. I wrote it.
18
24
274
Me: I setup a new Wi-Fi network with additional filtering and protections. It’s called “Wu-Tang LAN”.
Wife: huh?
Me: Wu-Tang LAN is for the children
Wife: 😐
15
43
265
I single handedly stopped no less that 1,000 attacks by filling out this vendor risk management Excel doc.
Rest well everyone. I got you.
17
22
263
What is the simplest hack you’ve pulled of or witnessed?
We’ve had a DA account with Winter2019
MFA bypass by just skipping the login page
What else? I finishing up my talk on Hacking Dumberly and how simple stuff item works.
188
41
258
On average, how many tabs do you have open?
Me: In which window in which of my 3 browsers?
57
14
248
My kid’s math sweatshirt. Love it but it should be longer. :)
5
46
251
I see way too many people type "PEN test" as if it is an acronym. What does PEN stand for?
Wrong answers only.
343
33
243
I made a tool to change timestamps in a packet capture.
I call it forgedpillow.
18
50
229
I love the magic of SSH. So many useful features packed in that "simple" tool.
10
39
227
This CrowdStrike outage is a thing of nightmares. Imagine having to have to walk to each of the downed systems and manually fix it. Even worse with FDE.
I have flashbacks of Nimda and the reboot loop, but this is worse.
12
24
191
Every TLS finding
Stolen from the TrustedSec Discord:
17
162
1K
8
20
189
Anyone else planning on spending all day on December 31st binge watching all the content before Flash dies?
“Gotta checka checka da email, hope it’s from a ... female”
19
32
189
Often times, APT isn't very "A"... and sometimes not even very "P".
Conti ransomware folks having issues exiting vim:
16
24
186
TIL: You can tunnel through RDP (much like SSH) using proxychains.🤔🤔🤔
"Dynamic Virtual Channels ... enable the tunneling of arbitrary packets inside the RDP connection by tagging packets according to the desired source/destination"
4
81
178
Thanks everybody
Congratulations to Tim Medin (
@TimMedin
) for his promotion to SANS Senior Instructor! Well-deserved recognition for his contributions to our community, industry, & his countless students. Thank you, Tim!
Learn more about Tim:
14
16
100
18
3
171
6yo: Dad, making friends is easy. Just ask their name and then play. Boom. Done!
I’m on the lookout for more friends. Who wants to play?
50
13
165
A lot of orgs incorrectly defend against password spray attacks but blocking the source IP. This is largely a waste of energy since changing source IPs is trivial.
You need to identify the successful auth within the failed ones. Good info from Microsoft.
2
50
166
A man tried to take my son (he’s fine). He didn’t lure him with candy, he didn’t do it by force. He yelled at him and said he had to come with him. I’ve never heard of this tactic. He scared him into coming with him. He wasn’t that far from us. He’s 10 and smart. Be aware!
24
27
163
Wow! Holy Smokes! This blows my mind!
"For those who might not see what this is:
Fully working SMB protocol implementation is webassembly, it runs in your browser"
I waited 2 years for this, rewrote impacket for this, asked cryptographers to remake algos in python for this, spent enormous time of my life to make this happen. and it's finally here this finally works and I can't find the words to express my satisfaction.
79
749
2K
7
43
155
I'm his boss. I'm a bigger moron.
You CAN do this.
Stop worrying about imposter syndrome. I've got a job and I'm a fcking moron. You're more than adequate for the job.
5
16
243
6
8
155
Since we are living in a simulation, can we revert to snapshot?
14
23
150
The two most important work from home tips
1) MUTE YOUR DAMN MIC!
2) Double check the mute setting before flushing!
10
13
147
It is called "Recon" and "PrivEsc" because we can't spell. Change my mind.
25
14
145
My boys got me a Wonder Woman mask thinking I’d be embarrassed and not wear it.
I love it.
10
3
144
Deescalate
This is the seemingly most ironic lesson I learned from a Ranger and a Martial Arts instructor.
The two people I know who are most able to kill people talked about descalation and avoiding violence.
13
24
139
You can learn a LOT looking at someone’s .bash_history. It’s like looking into someone’s tech soul.
“This dude is a regex black belt”
“Wow, this guy needs a typing lesson”
“Why does this fella put `sudo` before every.. singe.. command (ssh)"
15
27
137
My fantastic wife bought the boys “Future Hacker” shirts. They came running in whilst I was doing a “got root” dance. Today is a good day!
7
5
134
If someone is a "seasoned professional", what seasoning is it?
Paprika?
125
7
137
Dude at the airport ordered a double whiskey at 6:15am. Slammed it, then walked to his gate.
It’s always 5 o’clock at the airport.
27
1
128
The irony of "Halp! We need a last minute pen test" mixed with "our payment terms are 90 days"
11
4
131
If a potential employer asks you for a writing sample, do NOT attempt to redact a work report and send it!
99% chance you miss something
100% chance you demonstrated you can't protect client info
I'd fire on the spot if I heard of this
11
6
129
I experienced German healthcare today (eye infection)
I walked in and filled out a 1/4 page of paper (unlike 4-5 pages in US)
Waited 4 minutes (3-10x in US)
Dr was efficient and gave Rx in 3m
I paid in cash 25€ and I got change
Pharmacy was faster than McD
Dang efficient!
10
11
124
Given the age of the Uvalde shooter, the shooter had likely been through more active school shooter drills than the cops.
All new school shooters will have gone through the drills.
The shooters know what they are stepping into.
Think about that for a sec.
7
37
126
To the person in Croatia who ordered Pizza Hut using the company card, I hope you enjoyed it. Also, the limit on that sucker meant you could have purchased a house. Should have been faster.
12
5
122
Those of you who still use two spaces after a period, what type of stone do you chisel your words into?
50
13
124
.
@RedSiege
is now more offensive than ever with the acquisition of
@FortyNorthSec
! I'm really excited to have them part of the team for all their contributions to infosec, including EyeWitness! Details on the acquisition are below.
11
23
123
"We crunched the numbers..."
This got me thinking, which number is the crunchiest?
47
9
116