Dailydave March 2023

dailydave@lists.aitelfoundation.org

2 participants
2 discussions

Yawps from the rooftops
by Dave Aitel 05 Jun '23

05 Jun '23

[image: image.png]https://twitter.com/thezdi/status/1638617627626176513 [image: image.png] Yawps So one thing I have as a "lessons learned" from the past 20 years is that security is not a proactive sport. In fact, we are all experts at running to where the ball _was_as opposed to where it is _going_. Like, if you listen to Risky Biz this week, Patrick asks Metlstorm whether it's time to go out and replace all the old enterprise file sharing systems <https://twitter.com/vxunderground/status/1641629743534559233?s=20> you have around, proactively. And the answer, from Metl, who's hacked into every org in Oceania for the past 20 years, is "yeah, this is generating huge return on investment for the ransomware crews so they're just going to keep doing it, and being proactive might be a great idea." But what he didn't say, but clearly had in his head was "but lol, nobody is going to actually do that. So good luck out there chooms!" At some level, STIX and TAXII and the whole CTI market are about passing around information on what someone _might_ have used to hack something, at some point in the _distant past_. It's a paleontology of hackers past - XML schemas about huge ancient reptiles swimming in the tropical seas of your networks, the taxonomies of extinct orders we now know only through a delicate finger-like flipper bone or a clever piece of shellcode. -dave

1 1

LSU is hiring CS Professors with RE and binary exploitation experience
by Andrew Case 30 Mar '23

30 Mar '23

The Computer Science department at Louisiana State University (LSU) is currently hiring for many faculty positions related to applied cyber security. Courses taught inside this department include reverse engineering, malware analysis, binary exploitation, memory forensics and other intensive courses related to incident response and offensive security. Ideal candidates will have significant experience with deeply technical areas of cybersecurity. LSU was recently granted the CAE-CO designation and is one of only 21 schools nation-wide to hold it as it is the most technical designation granted by NSA and DHS. The department also runs a large SFS program for cyber security students. If you are interested in one of these positions, then please see the following link. I also ask my industry contacts to please spread the word within academic communities that you have access to: https://lsu.wd1.myworkdayjobs.com/en-US/LSU/job/3325-Patrick-F-Taylor-Hall/… The cybersecurity effort at LSU has strong support from the highest levels of the school and is rapidly expanding – so now is the perfect time to join. PS: I am not employed by LSU, but do work very closely with the CS department to ensure the courses are relevant to industry and rigorous enough for students to leave with real-world, hands-on experience. If you have questions related to the position, then please direct them to Dr. Golden Richard at LSU: https://www.cct.lsu.edu/~golden/ Thanks, Andrew

1 0

2024

2023

2022

2021

2020

Dailydave March 2023