Tweets
Notable tweets with either useful information or links to other resources.
Hope you find these useful!
A quick rage-thread about credentials. When security auditors just say things like "Critical credentials need to be rotated every 90 days" you need to fire them into the sun with urgency. Here's what you actually need ...
— Colm MacCárthaigh (@colmmacc) June 1, 2022
Bezos banned PowerPoint in his meetings.
"Memos only" created a writing culture at Amazon unlike any other.
13 writing principles to impress your boss (even Bezos):
— Rob Lennon 🗯 (@thatroblennon) May 30, 2022
Our new condition keys allow you to limit your principals’ access to include only resources belonging to a specific AWS account, AWS organization, or OU.
Learn how they can form part of a wider security strategy to create a perimeter around your data. 👇 https://t.co/zdYDWVsSAQ
— AWS Identity (@AWSIdentity) May 10, 2022
I have created a lot of useful little hacking tools over the last few years, sometimes I tweet about them, sometimes I don't.
Here's a list of some of the most useful ones, and a brief explanation of what they do! 🧵👇
— hakluke 👨‍💻🚀 (@hakluke) May 11, 2022
In my @WWHackinFest talk last week, we saw how an adversary can execute each piece of this attack path, turning initial access into the Azure tenant into Global Admin. What should defenders do about this? A short thread: 🧵 pic.twitter.com/1vFQt8tgl1
— Andy Robbins (@_wald0) May 9, 2022
15 best engineering blogs for improving System Design skills:
( Understand how engineering teams at top tech companies build scalable systems )
— Sunil Kumar (@sunilc_) May 2, 2022
We've launched 3 new condition keys to help you to control access along your AWS organizational boundaries:
🔑 aws:ResourceOrgID
🔑 aws:ResourceOrgPaths
🔑 aws:ResourceAccount
Learn how to get started. https://t.co/BEj2cMwouy pic.twitter.com/52Ekuz9mx1
— AWS Identity (@AWSIdentity) April 27, 2022
Incredible how most engineering managers don't realize how measuring developer productivity by visualizing JIRA+git stats is a dead-end if you want truly high-performing teams.
This path works just like mandating that teams use Scrum. Yes: it helps bad teams get better.
— Gergely Orosz (@GergelyOrosz) April 28, 2022
Are you responsible for Azure AD in your org? This is a MUST read.
What happens when someone accidentally runs a script that deletes all the user objects in your tenant? What if you delete all the apps? Here is a short but important thread. 👇🧵 pic.twitter.com/Yfah36b90j
— Merill Fernando • 🇦🇺 • 🇱🇰 (@merill) April 26, 2022
Metrics from GitHub and JIRA can't tell you how productive an engineering team is.
— Laura Tacho 🌮 (@rhein_wein) April 25, 2022
11 Promises from a Manager: a 🧵
1. We’ll have a weekly 1:1. I’ll never cancel this meeting, but you can cancel it whenever you like. It’s your time.
— Matthew Rechs (@MrEchs) April 18, 2022
This is the flowchart of how slack decides to send a notification.
It is a great example of why a simple feature may take much longer to develop than many people think.
What’s your takeaway from this diagram?
Image source: https://t.co/INrVLUZ2nX pic.twitter.com/fsdIE61ZxH
— Alex Xu (@alexxubyte) April 15, 2022
I use #ThreatModeling https://t.co/HZwu5DRpnc at work. Here are some of the approaches that help you go further down the threat-modeling rabbithole. A 🧵 1/
— Abhay Bhargav is @SecAppDev (@abhaybhargav) April 14, 2022
A year ago, a non-academic friend listened to a talk I gave. I thought it went great. My friend disagreed.
She said that academics are experts at making interesting stuff boring—and that we should all take a speech class.
So I did. And here are 6 most useful things I learned.
— Nicholas Coles, PhD (@coles_nicholas_) April 4, 2022
11 MindMaps I have created that you may find useful!
🧵
— Harsh Bothra (@harshbothra_) March 30, 2022
Some 𝐃𝐞𝐯𝐎𝐩𝐬 books I find enlightening:
🔹Accelerate - presents both the findings and the science behind measuring software delivery performance.
🔹Continuous Delivery - introduces automated architecture management and data migration. pic.twitter.com/tztfOQOiKR
— Alex Xu (@alexxubyte) March 28, 2022
What are y'all using? https://t.co/b6SgH0gPuC
— Neil H. Watson (@neil_h_watson) March 18, 2022
Best search 🔎 engines for Pentesters and Security Professionals.
→ google .com
→ Shodan .io
→ Censys .io
→ Hunter .io
→ redhuntlabs .com
→ fullhunt .io
→ onyphe .io
→ fofa .so
→ socradar .io
→ synapsint .com
→ binaryedge .io
→ ivre .rocks
→ crt .sh
— Lohitaksh Nandan (@NandanLohitaksh) June 17, 2022