Co-Founder of
@CygentaHQ
former head of cyber research
@Raytheon
- Keynote Speaker, ethical hacker and physical security specialist. Author of How I Rob Banks.
After ten years of writing up notes, and another year working with
@WileyTech
the very first copies of How I Rob Banks have just arrived!!!
I couldn’t have done this without the support and help of my wife
@drjessicabarker
Get your copy here:
TIL: that Intel i3, i5, i7 and i9 processors are all the same, all made the same, on the same wafer. But depending on how many defects (therefore how many sections actually work) they just rename them. So your i3 processor is an i9 with many defects, fewer for an i5 and fewer again for an i7.
Honestly re-read that!
@virginmedia
store your password in plain text and don’t reset it but will POST it in the mail. Great job you utter idiots!
#securitymeansnothingtoyou
I finally get the password reset request actioned, phone representative tells me the password will be posted to me... OK, weird, but I accept. Today the post arrives and I shit you not it’s my old password!!!! (I remembered it on sight) So they store the password and just posted it to me!!
Ok a thread: I have never signed into my
@virginmedia
account but I did set one up years ago but forgot all the details. I request a password reset. The person on the phone gives me “one last chance” to guess what email I used, I get it on the third try!
#itgetsworse
My book How I Rob Banks is published today in the USA & soon elsewhere.
10 years in the writing, it's a collection of anecdotes & advice from my career so far as a physical pentester.
Pick up a copy & I would love to see photos of it in the wild!
Confident Cyber Security has reached number 1 in Computer Security books on Amazon UK on day of publication! Thank you so much to everyone for their support, I’m overwhelmed and delighted 🤯💃🏼🥂
So your office is secure because you put a lock on the door. Let me introduce how criminals bypass locks. (It’s not lockpicking) Lower your expectations of what criminals do and do a reassessment of your threat model.
Can we stop saying 2FA is 'broken'? Yes, it's not perfect, yes, it's not what you use to protect some things. BUT to the general everyday public it is better than NOT using 2FA. The general public need it, it raises the bar to criminals. Risk/Likelihood/Impact
#doyoueventhreatmodel
Ok so is this a Unicode thing or a
@Twitter
feature or a bug that can be exploited?
#cherryblossom
if you like this tweet then you’ll see a flower appear over the like button, not even joking :/
This was our Flipper Zero back in the 90s! We haven’t made as much progress as people think, so I’m tempted to buy one and hack it to do other things! Surely there is a mod scene?
What is your favourite non cyber security YouTube channel? No matter how esoteric, but it must be your favourite, not just trolling. RT for a bigger reach to get more channels under this thread!
Just a few years ago my wife and I started
@cygentaHQ
. Last night we won our 5th award for our work, I am so unbelievably proud of both my wife and the whole team at Cygenta at how much we have grown, and how much impact we have had globally.
Incredibly proud of my wife for doing so much to deserve this medal! Her work ethic is beyond anyone else I know and I am so honoured to be married to her.
I never could have imagined chatting to Prince William about cyber security as he pinned my MBE medal on me! 🙃🤯🤴🥳
I’ll share more pictures of today soon, but for now this video says it all!! 💜
The drinking culture in infosec is childish and unhealthy. It’s time more people stood up like this, not only to the drinking but to those that debase others and other behaviours that bring down the level of the community. We are a mature industry now, let’s grow up a little please.
I'm sorry, but I honestly think that saying "if you don't like drinking, you're in the wrong place!" is a shitty thing to say from stage at an infosec con even if you are at the afterparty
To the sober folks and the ones in recovery: no, you're not. You belong here too
For those who were worried, I have great news!
@drjessicabarker
is out of surgery and doing great! Thanks to all those that sent messages of support or were even silently wishing her well! We love you all :)
NEW: Throwflame unveils robot dog Thermonator — with flamethrower attached — The Ohio-based firm have announced the $9,420 bot is available for purchase by the general public and government agencies for the first time.
Last week
@__Freakyclown__
and I got married in the stunning Valley of Fire, surrounded by 40,000 acres of bright red Aztec sandstone. It was a truly amazing day!
Dear company I pay money to for services... if you call me and ask for MY security details, don't get snotty with me when I ask you to confirm who you are! Getting huffy because I don't inherently trust random phone callers doesn't help anyone.
I win Christmas this year... sorry everyone else! My incredible wife got me a signed personal copy of Catch Me If You Can by Frank Abagnale!
#SocialEngineeringGoals
#CoupleGoals
Thank you everyone that has bought copies of How I Rob Banks. It’s officially a best seller according to amazon and it’s number one in multiple departments in multiple countries!! I am floored ❤️
Before this stuff with
@virginmedia
gets out of hand, please respect that the social media staff are not given the same training as security professionals and are doing their best. They are not the problem, the backend technical management is! And it's easy to jump on SM staff.
Does anyone else feel that all these new cookies "click ok to continue" terms will just lead the general public to get more complacent with just clicking the first thing that pops up without reading it?
To the hundreds of people that congratulated me and
@drjessicabarker
for our wedding the last few days, we would like to say thank you so very much for the kind words, its been overwhelming and whilst we would like to reply to all of you, we want you all to know we love you back.
New tool I wrote this morning at 08:30, discovers new things at 09:45, leads to discovery of a zero-day by 10:00, loads of verification and chatting with the client. Then contact made with the vendor by lunch! Not bad for a small cyber security company like
@CygentaHQ
#Pentesting
People always ask me why I still use wired headphones... never accidentally play NSFW rap music out loud, never lose one side, cheaper when I break/wash them, stops people talking to me as they can see the wires.
With everyone in awe of the OSINT that found the leaker of documents, if you want to do something similar but it’s not your job, you can help an amazing cause. Check out:
All safe for work and legal.
Myself and his excellency Dr Mohamed Al Kuwait Head of cyber security for the UAE discussing cyber security. Another absolute honour to have met such a legendary figure!
#Intersec2022
Happy to release to the world today. Our first public version of our
@pdnuclei
template for finding Blazor wasm json files.
The .dll files listed in the .json can be downloaded and I have seen some contain sensitive information.
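The thread above refers to a Nuclei template; the script below is an added example and is not that template or any Cygenta code. It shows the follow-up step the tweet describes: parsing a Blazor WebAssembly boot manifest, separating the app's own assemblies from .NET framework ones, and building the URLs you would fetch them from before decompiling them. The manifest content, the `_framework/` path, the `app.example.invalid` host and the framework-prefix heuristic are all assumptions made for the example.

```python
import json
from typing import Dict, List

# Constructed sample of a Blazor WebAssembly boot manifest (blazor.boot.json),
# not captured from any real site. The real file normally sits at
# /_framework/blazor.boot.json and lists every assembly the browser will fetch,
# keyed by filename, with a subresource-integrity hash as the value.
SAMPLE_BOOT_JSON = """{
  "mainAssemblyName": "ExampleApp",
  "entryAssembly": "ExampleApp",
  "resources": {
    "assembly": {
      "ExampleApp.dll": "sha256-AAAA",
      "ExampleApp.Shared.dll": "sha256-BBBB",
      "Microsoft.AspNetCore.Components.dll": "sha256-CCCC",
      "System.Private.CoreLib.dll": "sha256-DDDD"
    },
    "lazyAssembly": {
      "ExampleApp.Reports.dll": "sha256-EEEE"
    },
    "pdb": {
      "ExampleApp.pdb": "sha256-FFFF"
    },
    "runtime": {
      "dotnet.wasm": "sha256-GGGG"
    }
  }
}"""

# Heuristic (assumption): files with these prefixes are .NET framework/BCL
# assemblies; everything else is first-party code worth decompiling.
FRAMEWORK_PREFIXES = ("System.", "Microsoft.", "netstandard", "mscorlib", "WindowsBase")


def list_assemblies(boot_json: str) -> Dict[str, str]:
    """Return {filename: integrity-hash} for every assembly and pdb the manifest references."""
    data = json.loads(boot_json)
    resources = data.get("resources", {})
    found: Dict[str, str] = {}
    # Eagerly loaded, lazily loaded and symbol files are all downloadable.
    for section in ("assembly", "lazyAssembly", "pdb"):
        found.update(resources.get(section, {}))
    return found


def first_party(boot_json: str) -> List[str]:
    """Filenames that are not part of the .NET framework, i.e. the application's own code."""
    return sorted(
        name for name in list_assemblies(boot_json)
        if not name.startswith(FRAMEWORK_PREFIXES)
    )


def download_urls(base_url: str, boot_json: str) -> List[str]:
    """Absolute URLs for each first-party file, assuming the default _framework/ layout."""
    root = base_url.rstrip("/")
    return [f"{root}/_framework/{name}" for name in first_party(boot_json)]


if __name__ == "__main__":
    # Usage: fetch /_framework/blazor.boot.json from the target, feed its body in here,
    # then download each URL and open the .dll in a .NET decompiler.
    for url in download_urls("https://app.example.invalid/", SAMPLE_BOOT_JSON):
        print(url)
```

The .pdb entries only appear when the app was published with symbols, and they make decompiled output far more readable, so they are worth grabbing too. Treat the prefix filter as a starting point: a first-party assembly named after a vendor can slip through, so eyeball the full list from `list_assemblies` on any real target.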
Just a few years ago I had never been on a plane. As part of getting over my fears, my wife
@drjessicabarker
got me a fear of flying course with
@British_Airways
. This week I achieved Gold status. Great journeys start with taking small steps and giant leaps of faith in others.
So proud of my wife for doing this at such short notice. She amazes me with her knowledge of random stuff like this. (also big up for my ESXi box in the background rebooting and our fabulous
@NCSC
award on the shelf!)
Did you catch
@drjessicabarker
on
@SkyNews
this evening? She was responding to reports of Jeff Bezos being hacked, explaining a little about the spyware (Pegasus) which has been implicated
Am I the only one that sees that companies are starting to brand their stuff as “unhackable” in order to get free pen tests from the top hackers as well as publicity for their VC funded snake oil product?
Growing up I couldn’t have known my dreams of living in the USA would come true. I was 40 before I got on a plane due to fears, today I drove home from DEF CON to feed our cat! What an absolutely mind blowing life it’s been with
@drjessicabarker
giving me courage to live my dreams
Oh wow... right, that's it everyone, we have solved security! Just tell the criminals it's illegal! (also the main issue is not the posting, it's storing the password in a manner that can be read out in plain text)
@_sn0ww
That's a really interesting question, I really like the way you handled some of the responses to this thread, amazing work! Where do you work that you need to know that? You seem to find it easy to talk to strangers, I guess you come from a large family?
Not a single one in over six schools. None of them believed I would do anything. Now here I am a co-ceo of a successful company living a dream life! I strive harder to prove them all wrong. Live your life even when others tell you it’s impossible!
For those who are missing the traditional British pub crawl. A suggestion from my mother: “just place a glass of beer or wine in different rooms of your house and move rooms every half hour. Refill as required. Pork scratchings optional.“
#COVID19
#CovidUK
So the room guests would have unfettered access 24/7 to a gambling machine…. Can we get this in place for defcon to show how bad an idea this would be?
New idea, an E-ink screen for the back of your laptop for displaying electronic stickers so you don't have to worry about losing the cool ones when you buy a new laptop!
The downside with having shopping delivered is there isn’t much the driver can do to help when things are wrong. Like this bottle arrived with the lock on! The good news is, subverting security is my thing.
Congratulations to my extraordinary wife
@drjessicabarker
!!!
She has now become a Member of the Most Excellent Order of the British Empire (MBE) for her services to cybersecurity ❤️
Maybe it becoming official will help me believe it…
I have been awarded an MBE for services to cyber security in the King’s first Birthday Honours List!
Thank you to everyone who supports me - my husband, family, friends, team and community 💜
Getting into BugBounties or CTFs or even just Pentesting? Learn not to rely on tools all the time. I just found a Type-0 XSS that both Burp and Zap didn't pick up in their scans.
Why doesn't NASA carpet drop tens of thousands of miniature rovers on Mars and let people subscribe for a fee to an IPv6 address to control them and crowd source Mars exploration?
I am so proud of how incredibly hard my wife worked on getting back to strength, its been a long hard 365 days for her but every day I am still impressed by how hard she pushes herself to get even stronger. 💗
This time last year I had my back op. In the 2yrs before, I couldn’t stand up straight w/out pain & a 5 min walk was agony. Now I’m 99% sciatica free, getting stronger every day! Today we had a nice 5k walk to celebrate. Thank you FC for always having my back, quite literally ❤️
To give a little perspective on the fire, NotreDame is more than 3 and a half times older than the United States. If you are not heartbroken by the destruction of history, that says more about you than those that do.
#respectHistory
Note to all British people: what if I told you that you can have pancakes any day you like, not just on special days. America has figured this out already, we are behind, please update your consumption schedule.