Winnona
@winnona.bsky.social
@DistrictCon Founder. Harvard & Georgetown MPP/JD candidate. @CyberStatecraft / @BelferCenter fellow, ex-Google threat research. Dog mom. Opinions=my own 👩🏻‍💻
Pinned
🚨 NEW PAPER on the 0day Supply Chain 🚨:
I gathered open source data & interviewed Gov employees, VR and China researchers to figure out what the zero day marketplace looks like in the U.S. and how it compares to China.

key findings below ⬇️- 0/🧵 
www.atlanticcouncil.org/in-depth-res...
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.
www.atlanticcouncil.org
Reposted by Winnona
One fun thing the @dreadnode.bsky.social CTI agent is unearthing from the Great Firewall leaks is how many of the employees of this Chinese deep-packet inspection/malware intro/censorship company are also part-time (PhD) students

If it can work for them, it can work for me!

.
November 11, 2025 at 2:19 PM
Reposted by Winnona
Interested in Jump The Wall? Applications close Nov 7 🔥
www.districtcon.org/jtw
October 31, 2025 at 7:52 PM
Reposted by Winnona
Interesting paper out of Dartmouth about private sector's role in U.S. offensive cyber landscape. Recommends a national offensive cyber strategy and a pilot program for private sector access to "low-risk" targets like crypto scammers and ransomware operators:

sergeybratus.gitlab.io/papers/Dartm...
sergeybratus.gitlab.io
October 23, 2025 at 3:30 PM
Reposted by Winnona
This is going to be SO good!
We're officially announcing our speakers DistrictCon Year 1! Check out our incredible lineup: www.districtcon.org/speakers

This also includes our Day 1 & Day 2 Keynotes from Ian Levy and Dan Ridge.

And don't forget, GA tickets go on sale November 16! See you in January! 🪩
October 27, 2025 at 5:51 PM
Reposted by Winnona
We're officially announcing our speakers DistrictCon Year 1! Check out our incredible lineup: www.districtcon.org/speakers

This also includes our Day 1 & Day 2 Keynotes from Ian Levy and Dan Ridge.

And don't forget, GA tickets go on sale November 16! See you in January! 🪩
October 27, 2025 at 4:41 PM
Reposted by Winnona
Come see ya boy
We're officially announcing our speakers DistrictCon Year 1! Check out our incredible lineup: www.districtcon.org/speakers

This also includes our Day 1 & Day 2 Keynotes from Ian Levy and Dan Ridge.

And don't forget, GA tickets go on sale November 16! See you in January! 🪩
October 27, 2025 at 5:58 PM
Reposted by Winnona
In early 2019 while at the German Parliament’s Foreign Affairs Committee, I imagined this exact scenario: China using the rare earth supply chain to get full visibility and self-reinforcing leverage. When urged to develop other sources, such as Malaysia (where I even went), Merkel gov did nothing.
German Firms Hand Over Secrets That China Could Use for Leverage
As German firms wrestle with new Chinese controls on rare earths, they are handing Beijing sensitive supply chain information it could potentially use to squeeze manufacturers or shut down production ...
www.bloomberg.com
October 25, 2025 at 1:27 PM
Reposted by Winnona
sergeybratus.gitlab.io
October 20, 2025 at 2:14 PM
Reposted by Winnona
So my other big piece of the day is an inside look at the struggle for the future of the CVE program that just went live at CyberScoop. 1/2

cyberscoop.com/cve-program-...
Behind the struggle for control of the CVE program
Following a funding scare that nearly shuttered the CVE program, outside experts and CISA are positioning to take charge of the 25-year-old system before the next funding crisis hits.
cyberscoop.com
October 20, 2025 at 1:27 PM
Reposted by Winnona
Washington is rethinking the relationship between government agencies and the private sector in offensive cyber, considering giving the private sector a more active role. Perfect timing for @winnona.bsky.social & Sergey Bratus to put out this well-reasoned and legally grounded perspective:
Publications
ists.dartmouth.edu
October 20, 2025 at 12:12 PM
Reposted by Winnona
If the CISA 2015 info-sharing law expires tomorrow, CISA the agency may eliminate its real-time threat indicator sharing database, according to a new DHS OIG report. www.oig.dhs.gov/sites/defaul...

Participation in sharing program has been declining since 2020. Post-expiration plans unclear.
September 30, 2025 at 3:01 PM
Mark your calendars!! 💕
🚨T I C K E T D R O P D A T E S 🚨

you asked, we're answering 😉
Early Bird: Sep 15 (Mon), noon EST
GA: Nov 16, 2025 (Sat), noon EST
www.eventbrite.com/e/districtco...
DistrictCon Year 1
DistrictCon is a DC hacker con, focusing on hacking together and exchanging ideas over typical talk tracks.
www.eventbrite.com
August 26, 2025 at 4:16 PM
Reposted by Winnona
Speaking as a Chinese person, in the Chinese culture, money is often given to others in a gesture of bribery.
August 21, 2025 at 12:18 AM
Reposted by Winnona
I stopped by DistrictCon earlier this year, (no ticket) but was able to borrow a badge and such.

The vibes were awesome, the people were great, and even with a multi-block power outage at the venue, they were still able to keep it going.

I recommend this one in DC
Our Call for Papers is officially OPEN!

We are looking for
- Hacking Magic 👾🪄 (cool research, novel TTPs, tool releases, etc.)
- Policy Roundtable Topics ⚖️ (specific cyber topics focused on geopolitics, ethics, legal frameworks, governance, etc.)

www.districtcon.org/cfp
August 15, 2025 at 4:52 PM
Reposted by Winnona
Our Call for Papers is officially OPEN!

We are looking for
- Hacking Magic 👾🪄 (cool research, novel TTPs, tool releases, etc.)
- Policy Roundtable Topics ⚖️ (specific cyber topics focused on geopolitics, ethics, legal frameworks, governance, etc.)

www.districtcon.org/cfp
August 15, 2025 at 4:10 PM
Reposted by Winnona
How did China's top APT hackers come to be? Many were early "Honkers" - patriotic hackers who in late 90s launched low-skill cyberattacks against nations deemed disrespectful to China. But once Honkers developed their skills, PLA/MSS came calling. Based on great research by bsky.app/profile/eube...
How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyber Spies
A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus.
www.wired.com
July 18, 2025 at 3:48 PM
Was a ton of fun to talk about the 0day market and Pall Mall at Summercon! Thanks for having me 💕
July 12, 2025 at 9:22 PM
“alignment with CCP priorities offers privileged access to state resources, regulatory favor, and expanded commercial opportunities [to hackers]."

NEW Phenomenal report on Chinese civil military fusion and cyber militias by Kieran Green: margin.re/mobilizing-c...
Mobilizing Cyber Power: The Growing Role of Cyber Militias in China’s Network Warfare Force Structure
This report examines how China’s cybersecurity industry fields reserve and militia units in support of the PLA and national mobilization system.
margin.re
July 9, 2025 at 12:19 PM
Reposted by Winnona
We’re proud to announce the Review Board for DistrictCon’s call for papers! Our CFP will open next month, and we're excited to receive all your submissions! www.districtcon.org/cfp
July 7, 2025 at 4:52 PM
Reposted by Winnona
It's almost like surveillance capitalism is a problem for *everyone*
June 28, 2025 at 8:43 PM
Reposted by Winnona
Extremely interesting comparisons in cybersecurity...

The 1️⃣ thing to focus on? Talent.

Talented people have outsize impacts in software and cybersecurity. And expertise drives better policy (eventually)!

Pipelines to build more experts pay compounding returns.
🚨 NEW PAPER on the 0day Supply Chain 🚨:
I gathered open source data & interviewed Gov employees, VR and China researchers to figure out what the zero day marketplace looks like in the U.S. and how it compares to China.

key findings below ⬇️- 0/🧵 
www.atlanticcouncil.org/in-depth-res...
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.
www.atlanticcouncil.org
June 25, 2025 at 3:24 PM