husband, dad, hacker, entrepreneur, runs with scissors | founder/chair/cto @bugcrowd | co-founder @disclose_io | make secure easy, and insecure obvious

0.0.0.0/24
Joined July 2009
infosec googling: “what is dual use”
cje 😷💉💪💉 retweeted
*whispers* If a patch is available, it's not a 0-day... Words are hard & there is grey in the nitty gritty of when exactly is a bug no longer 0-day, but...I think we need to agree that if the patch is released and *then* exploitation occurs, that is not "exploiting a 0-day".
cje 😷💉💪💉 retweeted
Mark has been educating me on the technology side of this for something like 20 years. He is committed to lifting the public discourse on the 0day market because, frankly, right now it's pretty piss poor. The obvious disclaimer on this one is we're good friends.
cje 😷💉💪💉 retweeted
Just finished a one hour interview with @mdowd. We spoke about the history of Azimuth, the offensive market, policymakers' misconceptions about 0day and what the future holds for domestic law enforcement and foreign SIGINT as traditional exploitation techniques become infeasible.
I'm doing an interview today that I think is an important one. It's an interview a lot of journalists have wanted to do, but haven't been able to. Sorry to be so mysterious... more news on this soon
cje 😷💉💪💉 retweeted
Replying to @caseyjohnellis
outside
I don’t know who needs to hear this - STOP TAKING SHORTCUTS
“The supreme art of war is to subdue the enemy without fighting” - Sun Tzu, ranked #4 on the all-time leaderboard
Replying to @gattaca
“I was misquoted.” — Sun Tzu, On Cyber War
2 years ago - bridgetown, barbados (aka “that time folks who don’t understand how US visa renewals work thought we were just vacationing”)
cje 😷💉💪💉 retweeted
CISA director @CISAJen is the latest to urge cyber incident reporting mandates for critical infrastructure at today's @HSGAC hearing. Notably, she urges giving @CISAgov flexibility in any legislation to define what those requirements look like.
OSINT challenge... where was i? (aussie's, esp sydneysiders, should sit this one out)
cje 😷💉💪💉 retweeted
I'm thrilled to share I'm now part of @safestack! I've been following @lady_nerd @Sputina and the team on their journey, and the opportunity to focus on the intersection of appsec, education, software engineering and modern tech is one I'm so looking forward to diving into
cje 😷💉💪💉 retweeted
Omg it’s definitely a thing now
ICYMI: Attackers exploit MSHTML browser engine via malicious ActiveX controls m.cje.io/3nZRsf1
Biden administration issuing new security guidance to companies aimed at blunting cyberattacks m.cje.io/3nXuu8t
National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems | The White House m.cje.io/3nXUQHj