Tweets

A quick rage-thread about credentials. When security auditors just say things like "Critical credentials need to be rotated every 90 days" you need to fire them into the sun with urgency. Here's what you actually need ...

— Colm MacCárthaigh (@colmmacc) June 1, 2022

Bezos banned PowerPoint in his meetings.

"Memos only" created a writing culture at Amazon unlike any other.

13 writing principles to impress your boss (even Bezos):

— Rob Lennon 🗯 (@thatroblennon) May 30, 2022

Our new condition keys allow you to limit your principals’ access to include only resources belonging to a specific AWS account, AWS organization, or OU.

Learn how they can form part of a wider security strategy to create a perimeter around your data. 👇 https://t.co/zdYDWVsSAQ

— AWS Identity (@AWSIdentity) May 10, 2022

I have created a lot of useful little hacking tools over the last few years, sometimes I tweet about them, sometimes I don't.

Here's a list of some of the most useful ones, and a brief explanation of what they do! 🧵👇

— hakluke 👨‍💻🚀 (@hakluke) May 11, 2022

In my @WWHackinFest talk last week, we saw how an adversary can execute each piece of this attack path, turning initial access into the Azure tenant into Global Admin. What should defenders do about this? A short thread: 🧵 pic.twitter.com/1vFQt8tgl1

— Andy Robbins (@_wald0) May 9, 2022

15 best engineering blogs for improving System Design skills:

( Understand how engineering teams at top tech companies build scalable systems )

— Sunil Kumar (@sunilc_) May 2, 2022

We've launched 3 new condition keys to help you to control access along your AWS organizational boundaries:
🔑 aws:ResourceOrgID
🔑 aws:ResourceOrgPaths
🔑 aws:ResourceAccount
Learn how to get started. https://t.co/BEj2cMwouy pic.twitter.com/52Ekuz9mx1

— AWS Identity (@AWSIdentity) April 27, 2022

Incredible how most engineering managers don't realize how measuring developer productivity by visualizing JIRA+git stats is a dead-end if you want truly high-performing teams.

This path works just like mandating that teams use Scrum. Yes: it helps bad teams get better.

— Gergely Orosz (@GergelyOrosz) April 28, 2022

Are you responsible for Azure AD in your org? This is a MUST read.
What happens when someone accidentally runs a script that deletes all the user objects in your tenant? What if you delete all the apps? Here is a short but important thread. 👇🧵 pic.twitter.com/Yfah36b90j

— Merill Fernando • 🇦🇺 • 🇱🇰 (@merill) April 26, 2022

Metrics from GitHub and JIRA can't tell you how productive an engineering team is.

— Laura Tacho 🌮 (@rhein_wein) April 25, 2022

11 Promises from a Manager: a 🧵

1. We’ll have a weekly 1:1. I’ll never cancel this meeting, but you can cancel it whenever you like. It’s your time.

— Matthew Rechs (@MrEchs) April 18, 2022

This is the flowchart of how slack decides to send a notification.

It is a great example of why a simple feature may take much longer to develop than many people think.

What’s your takeaway from this diagram?

Image source: https://t.co/INrVLUZ2nX pic.twitter.com/fsdIE61ZxH

— Alex Xu (@alexxubyte) April 15, 2022

I use #ThreatModeling https://t.co/HZwu5DRpnc at work. Here are some of the approaches that help you go further down the threat-modeling rabbithole. A 🧵 1/

— Abhay Bhargav is @SecAppDev (@abhaybhargav) April 14, 2022

A year ago, a non-academic friend listened to a talk I gave. I thought it went great. My friend disagreed.

She said that academics are experts at making interesting stuff boring—and that we should all take a speech class.

So I did. And here are 6 most useful things I learned.

— Nicholas Coles, PhD (@coles_nicholas_) April 4, 2022

11 MindMaps I have created that you may find useful!

🧵

— Harsh Bothra (@harshbothra_) March 30, 2022

Some 𝐃𝐞𝐯𝐎𝐩𝐬 books I find enlightening:

🔹Accelerate - presents both the findings and the science behind measuring software delivery performance.

🔹Continuous Delivery - introduces automated architecture management and data migration. pic.twitter.com/tztfOQOiKR

— Alex Xu (@alexxubyte) March 28, 2022

What are y'all using?https://t.co/b6SgH0gPuC

— Neil H. Watson (@neil_h_watson) March 18, 2022

Best search 🔎 engines for Pentesters and Security Professionals.

→ google .com
→ Shodan .io
→ Censys .io
→ Hunter .io
→ redhuntlabs .com
→ fullhunt .io
→ onyphe .io
→ fofa .so
→ socradar .io
→ synapsint .com
→ binaryedge .io
→ ivre .rocks
→ crt .sh

— Lohitaksh Nandan (@NandanLohitaksh) June 17, 2022

If you are looking to #automate your #network here are a few tools you should check out (and why!) ...
👇👇👇 #networkautomation

— Rick Donato (@rickjdon) June 22, 2022

1/ I've been managing people remotely for 8 years. Here's how to be a better manager in a remote (distributed) team:

— Job (@Jobvo) July 2, 2022

Finished reading 𝗪𝗿𝗶𝘁𝗲 𝗨𝘀𝗲𝗳𝘂𝗹 𝗕𝗼𝗼𝗸𝘀 by Rob Fitzpatrick 📚

Wow... everything sounded so obvious & simple when reading, even though I wasn't aware of mostly anything 🤯

Highly recommended 🙏

— Tobias Schmidt (@tpschmidt_) July 5, 2022

Git Tip: do this and thank me later

Link to docs: https://t.co/8WmcpDPhdK pic.twitter.com/V31lCRvNqc

— Santosh Yadav 🥑 | GitHub ⭐ | GDE (@SantoshYadavDev) August 12, 2022

Nobody asked for this, but here's a new bot who tweets whenever a change occurs to AWS Network IP Ranges with the total number of AWS-owned IPs (v4 or v6).https://t.co/YBiKXJSvEW

— Victor Grenu 🏴‍☠️ (@zoph) August 19, 2022

Tools that make #Pentesting #Azure easier:

TeamFiltration: https://t.co/juQ7i4OaHA

RoadTools:https://t.co/8eHhHFsStK

ScoutSuite:https://t.co/9yLKNITaHE

Microburst:https://t.co/b9A9JEPXBK

AAD Internals:https://t.co/Uj0gOCLBAP

OneDrive Enum:https://t.co/e2jrAMxq6E

— rootsecdev (@rootsecdev) September 21, 2022

Have you ever wondered what recent AccessDenieds were on your AWS account?

This dead simple CloudWatch Insights query will answer it for you, and you will be surprised.

Copy/PasteOps, see you next tweet 👋 pic.twitter.com/7GCa3gUUbn

— Victor Grenu 🏴‍☠️ (@zoph) September 21, 2022

One tool I've used to reduce the number of NACLs entries: It allows merging CIDRs and removing potential duplicates.https://t.co/Wg6DyFduak

— Victor Grenu 🏴‍☠️ (@zoph) September 15, 2022