Red Team Lead at $TECHCOMPANY. Ex-Principal Consultant and Researcher @ iSEC Partners/NCC Group. Keyboard cowboy. Cyber Pathogen Dealer. Views solely mine.

Colorado
Joined March 2014
The cloud is someone else's computer... Your code is someone else's GitHub...
Aaron Grattafiori retweeted
FYI, Facebook reporting more images to NCMEC than the rest of tech combined is a *good* thing and is why the media/Congress should incentivize driving down prevalence instead of driving down detections. The companies with 1B users and <100 reports are the problem.
Aaron Grattafiori retweeted
I’m excited to announce my next venture, DemocracyPillow. It offers all of the comfort of a free and fair election, without any of the martial law!
Aaron Grattafiori retweeted
+1, most red team exercises divide into thirds: 1/3 is reading RFCs, manuals, design docs, code. 1/3 is hands-on execution, and 1/3 is writing and presenting. Writing is a huge part of my work: contextualizing risk and capturing an attacker's journey in story form.
People ask me if I think pentesting is right for them and while I can’t tell anyone for sure if they’ll love a career, I can say with certainty that if you loathe writing reports and making slide decks to communicate said reports then you might not love pentesting lol
They're right about the Open Tech Fund use, and wrong about basically everything else. OTF helped (and still helps?) a ton of open source projects with funding, as well as paying for trusted security firms to perform application security assessments. I know because I worked on them.
given that signal is blowing up, time for my public service announcement: @signalapp is a government op. it was created and funded by a CIA spinoff. it is *not* your friend. yasha.substack.com/p/signal-…
Aaron Grattafiori retweeted
Andrew Yang walking around NYC like
I was an early 1980s Internet hacker. Let me explain why "Bugtraq" is probably the most important achievement in the world of cybersecurity.
After 9,933 days (27y, 2m, 10d), the Bugtraq mail list has finally reached its end and is being shut down. bit.ly/38LmXl1
Bugtraq itself hasn't been important for almost 20 years, but that's simply because it won. We are all Bugtraq now.