MorattiSec
lizzie.coffee
I do cloud security. I blog semi-annually with Dopamine Driven Development. Co-author on TunnelVision.
Reposted by MorattiSec
A lot of automated systems will block you committing passwords in your code, so you’re gonna want to base64 encode them to get around that.

You’re a developer; you’ve got to move quickly. We don’t call it a sprint so you can sit around waiting for approvals.
February 20, 2025 at 1:22 AM
Reposted by MorattiSec
Suddenly, out of nowhere, a declassified World War II-era CIA guide to sabotaging fascism in the workplace has become one of the most popular free ebooks on the internet:

www.404media.co/declassified...
Declassified CIA Guide to Sabotaging Fascism Is Suddenly Viral
The World War II-era "Simple Sabotage Field Manual" is full of steps that office workers can take to resist leadership.
January 29, 2025 at 8:53 PM
I’m tired of the number of notifications I get in a day
December 26, 2024 at 12:32 AM
Reposted by MorattiSec
Strong endorse. I’ve never found it credible that the VPN provider was magically more trustworthy than the ISP.
50% of cybersecurity is endlessly explaining that consumer VPNs don’t address any real cybersecurity issues. They are basically only useful for bypassing geofences and making money telling people they need to buy a VPN
December 22, 2024 at 6:22 PM
www.cisa.gov/sites/defaul...

(This is in the context of highly targeted individuals)

This is such a succinct way to put it. Glad to see CISA's guidance actually calls this out.
December 19, 2024 at 11:00 PM
Reposted by MorattiSec
Everyone starts off thinking they want writing advice but slowly finds out what they're really looking for is writing _confidence_ to get in the chair and do the work.
December 7, 2024 at 8:59 AM
Reposted by MorattiSec
Here @jasonkoebler.bsky.social writes his friend was filling out surveys/games to get a few dollars off essential medication. People are outpouring their "horrendous, inhumane, heartbreaking experiences with a profit-driven, private American healthcare system" www.404media.co/behind-the-b...
December 6, 2024 at 5:37 PM
I just stumbled on my research paper from college.

My English class was themed for Lord of the Rings so I did a cultural analysis of what each race found beautiful and whether or not Tolkien's declaration that orcs could not perceive beauty was true. 😅
December 5, 2024 at 11:12 PM
Anyone ever use TXT DNS records to keep track of which internal department manages a domain? It was a passing thought I had but it seems like it might actually work well with minimal info leakage.
December 3, 2024 at 5:20 PM
A trust policy is technically a resource policy
December 3, 2024 at 4:28 AM
One does not simply create an asset inventory when there’s multiple environments and sufficient organizational complexity.
November 28, 2024 at 11:36 PM
Finally, a chance to use Chef.
I had a dream I was making eggs by defining it in an IaC module.
This shit's gone too far.
November 28, 2024 at 10:55 PM
Most authors are not cited frequently.

The mysterious author known as Et Al is a statistical outlier and should not be included.
November 28, 2024 at 8:11 PM
Ah yes, using my backup pair of glasses for a year might not have been the correct choice. New ones on the way 👩‍🏫
November 27, 2024 at 11:57 PM
Yeah security is hard but have you ever had to debug Reaper and a virtual audio cable? Some things are science and others are duct tape, hope, prayers and drivers.
November 24, 2024 at 6:18 PM
That firm is getting either fired or a strongly worded lawsuit.

This is one of my biggest fears with junior pentesters (and some seniors). You can’t just treat your testing like it’s a lab. You _need_ to keep track of your interactions with a target and do cleanup.
RIP "Within this assessment, the red team (also referred to as ‘the team’) gained initial access through a web shell left from a third party’s previous security assessment."

www.cisa.gov/news-events/...
Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization | CISA
November 21, 2024 at 6:41 PM
Here are 6 ideas for CloudSec research to celebrate our community migration onto BlueSky 🦋

1. Time-till-first-response Ransomware — how long does it take for a cloud security platform to log an event for encrypting data. How much data can you encrypt in that time? How do different platforms compare?
November 19, 2024 at 8:13 PM
I’m curious how people are reviewing pentest proposals. No one really talks about this openly.

It seems like if you come from a background of pentest consulting you have a massive advantage — if you ever had to scope or work with sales.
November 18, 2024 at 8:52 PM
I think I’ve landed on what my next blogpost will be.

It’s so lovely when you write down a sentence and then come back a week later and go “oh wait, that would actually be really helpful.”
November 18, 2024 at 8:38 PM