Ray [REDACTED]
@RayRedacted
Assoc Producer • Fortune 100 VP • Cybersecurity Researcher • advocate • evangelist & supporter He/him
Professional Services • [REDACTED] • redact.link/history • Born January 1 • Joined November 2008

Ray [REDACTED]’s Tweets

Pinned Tweet
The best advice I can give you is this: You have Ring 3 friends, Ring 2's, Ring 1's, and, (if you are lucky!) a handful of Ring 0 friends. When an R1 or R0 tells you that you should delete a tweet, delete it immediately. You promoted that friend to R0 for a reason
Tanya is awesome!!!! Definitely going to register for this!
Quote Tweet
#GRIMMCon 0x7 is excited to announce that our Opening Keynote Speaker will be Tanya Janca (@shehackspurple) on May 18! More details & registration info is coming soon; stay tuned!!
I would like to sincerely apologize to the Infosec community for attempting to coin the term “Cyber No-Fly zone” during tonight’s Ukraine firetalk. I have been disciplined.
During this event I will be matching any donations of $13 or $133 until I run out of money. This is a good cause so go crazy.
Quote Tweet
We're hosting a private charity event on Thursday for @wckitchen in UKR with specially crafted cocktails (alcoholic and not) and faire by me, @allanfriedman @Kurt_theTurk @KeenanSkelly. We're raffling a ticket @shmoocon (thx @TypeMRT)! #StandWithUkraine eventbrite.com/e/a-curious-ad
This is the most informative and concise thread you are going to read about Okta. Check it out:
Quote Tweet
Let's decompose the comms from Okta about its compromise from the perspective of an incident responder and someone who has worked numerous incidents with third parties involved. First, let's acknowledge that Okta itself is a victim. 1/ okta.com/au/blog/2022/0
That feeling when you are on your way to shmoocon and you accidentally stumble into the admin page on the airplane Wi-Fi systems.
It is absolutely disgusting how one party is suppressing black and brown votes, restricting reproductive rights, and espousing and encouraging hatred & discrimination against our transgender siblings, parents, & children. Pick a side. Get involved. And above all, vote.
(CW: CSAM related discussion) How does this video make you feel? This is not a rhetorical question; I actually want to know what you think.
Infosec pop quiz, question 78: Without looking it up, what is referring to here?
Quote Tweet
Replying to @RayRedacted
That probably shaped my ideas about computer languages and compilers more than any CS class ever did. I'm not sure I can picture teaching some of those concepts any other way (but I'm old and get off my lawn you meddlesome kids!)... #parenthetical
Last year a bunch of ppl who follow me claimed they still know how to diagram sentences the way we did in Middle School. OK, here's your chance to prove it to win either a T-shirt or twenty bucks worth of crypto then. 🤪
Quote Tweet
Replying to @RayRedacted
The horse he rode in on has heard about what happens to horses that get rode in on, and would like to make clear that he just happened to get rode in on and wants no part of this.
Am I the only person who wants to inquire about the horse’s anonymity being protected with the eye redaction in this thread
Quote Tweet
Let's talk about Build the Wall, this racist and the horse he rode in on instagram.com/p/BzIzGTHgc8I/
I admit it’s been a few years since I took Constitutional Law, but I am 99% sure that the Dred Scott decision predated the concept of Substantive Due Process by years, Senator Cronyn. Also, the Supreme Court’s same sex marriage ruling did not rely on SDP regardless.
A tweet from a CEO should be more specific than “the screenshots shared online” since this might be misinterpreted at a later date.
Quote Tweet
We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January. (2 of 2)
Pop quiz question 77. (Yes, there are really 76 other questions; scroll up to see them all) In the tweet below, argues that using Knowledge-Based Authentication is not a best practice for MFA. Why is using KBA inherently risky?
Quote Tweet
Authenticating users via security questions has always been a horrible idea. Now the FTC agrees! Goodbye “What's your mother's maiden name?” security questions. twitter.com/benrossen/stat…
Authenticating users via security questions has always been a horrible idea. Now the FTC agrees! Goodbye “What's your mother's maiden name?” security questions.
Quote Tweet
FTC announced a new data security settlement today, one of the first under Khan's admin. The order has a couple new provisions that FTC watchers will want to look at closely. ftc.gov/news-events/ne
It may be tempting to give and/or seek admin or root on every box; after all, we are conditioned to think of "access" as correlated with success, wealth, or even intelligence. But it is in your best interest to only have keys to the rooms you need. /2
Quote Tweet
"Zero Trust" means that you should not trust even your future self. Don't give yourself access to PII or PHI data unless you actually need that access. And even then, place limits on it.
"Zero Trust" means that you should not trust even your future self. Don't give yourself access to PII or PHI data unless you actually need that access. And even then, place limits on it.