Long post, sorry 😂
TLDR: Read below if you want to know how I was able to accomplish what I have, and how I'm still continuing to do so. I introduce the "Rule of 5" which is something I do every day to make progress on all fronts. Tips for your success / progress in life.
I
It's official.
I'm the proud owner of a 1982 manual transmission DMC DeLorean with 5600 miles.
I will be converting it to an exact replica of the Back to the Future 2015 Fusion version from the BTTF II movie.
So excited.
This is going to be an awesome project.
Lots of accounts including Bezos, Elon Musk, Joe Biden, Barack Obama, Bill Gates, Mr Beast, and a ton more getting hacked for a bitcoin scheme.
Normally account takeovers are due to insecure passwords or recovery options; this is definitely something different.
I can't believe this is actually happening soon.. from the basement of our house and only have one month of mortgage payments left in the bank to ...this is just crazy to think about...
#TrustedSec
Kevin will be sorely missed. I don’t even know what to type here other than this last year was extremely tough for him but he fought every day and we all knew Kevin was a fighter and had hope he would beat it because he was that incredible of a person. I remember the day he found
Please, please, please enable Multi-Factor Authentication (MFA) for your organization.
This includes LogMeIn, and especially from any remote administration software.
Please, please, please protect your backups.
So many ransomware groups succeeding right now on basic attacks.
Long thread but serious talk.
Seeing a massive problem in the security industry today. We have brand new candidates lacking "hands on" experience coming into the workforce and finding it extremely difficult to find a job. 1/10
Unsolicited email:
"If you want to be removed from this list, reply back with unsubscribe."
Or...
/me blocks entire domain company wide at email gateway.
Wow, I am completely speechless here.
Microsoft really did remove the PoC code from Github.
This is huge, removing a security researcher's code from GitHub against their own product and which has already been patched.
This is not good.
My son did something amazing today. He got the fake email "We've hacked your computer and spied on you doing bad stuff and browsing bad sites. Send us bitcoin and tell no-one."
His heart dropped, and his first instinct was to call me and tell me what happened and ask for
We will be publishing our legal documents for physical security tests for companies to use soon on GitHub. Hopefully helps out newer companies and ensure they are protected when doing engagements.
Has max protections in place for employees and scope verification.
#TrustedSec
Lapsus$ is no joke.
Okta, Microsoft, LG and others.
Seeing a number of orgs hit and ones that are pretty far along sec maturity wise.
They are taking advantage of gaps in detection, EDRs + more.
Cloud visibility and understanding baseline behavior is critical.
Red alert.
My son just asked me for a copy of my book so he could read coding and hacking at night 🥲🥲
I just gave him my very first copy - first edition that I ever received and explained to him what that meant to me.
He's upstairs reading in his bed now. Future hacker in progress.
Afghan hit me harder than I could have ever expected. I'm OK but sad + angry.
I've been talking all night with my vet brothers and sisters and we are all hurting.
Learned today that some are taking their lives.😓
You are not alone. You did good. You are loved. Talk, get help.
So. You have this level of access, you write a ton of automation scripting for it, and you send a lame mass bitcoin campaign.
Could have easily sold this access for millions.
Something isn’t adding up here and smells like a much larger campaign masked as something else.
This is a 6-month before and after... Still have a long ways to go but extremely happy with my results.
Anyone can do this if you have discipline and a long-term view.
I can't wait to see where I am in six more months.
#RedTeamFit
Most folks don’t know that @kevinmitnick remained highly technical even up until the end. I worked with him on a number of pentests through the years and we always helped one another.
I’ve never seen someone so driven and persistent. Kevin loved hacking - to an obsession. He
The guy is a retired Admiral. Confirms UFOs. These aren’t whack job people coming out of the woodwork. Career veterans who served their country honorably.
Something’s up.
At Taco Bell and hear a young couple adding up how much the food will cost and checking their bank account to see how much they can afford.
Been there before.
Paid for their meal and just said you guys are a young couple getting started - enjoy!
They started crying - I tried
One lesson that I see folks new and old in the industry struggle with is:
Remaining humble and recognizing that you are always learning and need to continue to learn from others.
Trust me, you don't know everything, and never will.
Be humble, kind, and help others.
I've been working on a secret project over the past few months.
Not going to say anything more about it other than dropping this screenshot.
#TrustedSec
It has always been my goal to appropriately communicate to the media what is happening out there and what amazing work the security industry is doing.
I have to be honest, the latest Zoom storm has me concerned. 1/10
One of my favorite @kevinmitnick stories…
@MrsRel1k and I were in Vegas to see David Copperfield who is my favorite magician since I was a kid and was a dream to see him again on stage. I happened to tweet it - I get a text a few minutes later from Kev “hey are you at Dave’s
Well that was embarrassing.
At the airport and it’s a super quiet terminal. Place ear pods on and turn Metallica on my phone. Sounds kind of low so I crank it up. Don’t even pay attention and 10 minutes later it’s been playing on my phone speakers the entire time 😂
I will wait for the family to release their thoughts and feelings on Kev out of respect before I post in detail.
You were so damn strong and fought so damn hard.
You were an amazing human, man, husband, and know you would have been an incredible father.
I will miss you deeply
CISA and review board torches Microsoft internal response and how bad the 2023 compromise actually was.
It was way worse than what was communicated from Microsoft - way way way worse and avoidable.
This is a good read and something folks really need to equate in their own
I always asked myself how do I make a difference in the world.
I built DerbyCon with friends to help and impact others.
Then I built TrustedSec. Then I built Binary Defense.
Now this. It's just the beginning. I now have an army of the best and most brightest talented
The new Cybersecurity Education Program @BedfordHS has officially taken off🚀
Take a peek inside our launch event last week and learn more about how this program will impact students!
I’m incredibly grateful to have the ability to help others.
It’s always been a lifelong dream.
The school I graduated from was a low income city with little opportunity for career success.
I am humbled to announce the “David Kennedy Center of Gaming and Leadership” 1/4
We talk about skills shortages everywhere in cyber security - but almost 99% of the job postings I see are for already experienced individuals.
We have a skills shortage because we are not hiring new security folks into this industry. 2/10
Just got done speaking at a local library on cyber security and things that they can do to protect themselves.
Doesn’t matter if speaking to 40 people or 4000 - just trying to do my part to help people.
Hey all, friendly reminder infosec isn’t a high school popularity contest.
Work hard, contribute, help others, accept new folks, teach, and be badass at what you do and you are elite.
- Signed Dave’s recipe to being successful and not a Twitter or TikTok fad. F the noise.
😬😬😬😬
“Microsoft has notified customers that it’s missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions.”
It doesn't help that most course programs in colleges are an absolute disaster and train-wreck.
We have candidates who come out with bachelors and don't even know basics of networking, Linux fundamentals, programming or really anything other than high level topics. 5/10
I cancelled my talk earlier today and am home. I hope to record it soon and publish online.
It was great to see everyone. The whole situation sucks, but the right decision to pull it.
I wish everyone safe travels home.
I mean my tweet back to you kinda deserves to be on the Kennedy family wall no? 😂
You might be sleeping on the couch tonight 🤣👊🏾
#BlackAdam
@ProjectRock
Today marks my 1-year commitment to fix myself. Exactly 1 year ago today, I made the jump and got a personal trainer @bencanning87 who has guided me through this journey.
It's been incredible. To another year, and many more after that. Thanks for all you do Ben!❤️
#wehackhealth
As promised. We have released our legal docs pertaining to physical penetration tests to help other organizations and the community. Was created by our third party law firm and reviewed by a secondary.
Hope people find it useful but most importantly hope it helps.
We have open sourced our legal documentation used for physical penetration tests.
The purpose is to help the community and organizations protect their employees when conducting testing.
Includes three docs:
MSA
SOW
Authorization Letter
#TrustedSec
Here’s the latest tattoo. The story behind it is Erin (wife) and I started dating while I was home on leave in the Marines.
We hit it off immediately and 22 days later I deployed to Iraq. We continued dating while I was in Iraq and made it through the entire year and eventually
I can’t even make this up.. walked into the title agency to register my DeLorean and Huey Lewis - power of love is playing on it. The dude at the desk stares at the title then looks at me and we both say “no way” at the same time 😂😂
When the hell would a hacker that barely passed high school just wanting to break shit be in a formal black tie event competing against all companies against the country hosted by one of the largest companies in the world. WTH happened 😂
The past you is you.
Our past forges who we are today.
I love that dude on the left.
The dude on the right is me today. Confident, happy, healthy, and *feel* better than I ever have been in my entire life.
Can't wait to see me 6 months from now.
#wehackhealth
Progress is slow.
Small changes equate to big over time.
I know if I stay consistent, things will work.
It’s so cool to see a 3 year difference and recognize all of the help I’ve gotten from @bencanning87 during this journey to get here.
#wehackhealth
I truly want to thank everyone who shares positivity, who focuses on trying to make the world a better place and doesn't tear other people down. I'm only on this Earth for a short time, I will continue to try to make it better than when I leave it. (15/15)
Okay, something crazy just happened.
I won a bid and snagged the original Back to the Future 2 sports almanac used in the movie.
The actual one used in the movie. 😮😮😮😮😮
I'll share something personal, when we ended Derby - it was crushing for me because we had started something different that helped so many people.
It was a vehicle for people to start their careers, get exposure, remove elitism statuses and bring everyone together. So many