Lee Holmes 

Partner Security Architect, Azure Security. PowerShell developer, fanatical hobbyist, and author of the PowerShell Cookbook.
Blog: https://www.leeholmes.com
LOL, one little edit in the Threat Driven Software Development book and I'm magically transported back to 2007 :)
Once again, I am reminded that the quickest way to turn a task from something you actively dread to something you actively look forward to is to automate it.

Not sure how we went from plain, straightforward words to LinkedIn speak but now you can use Kagi Translate to fit right into that crowd:

https://translate.kagi.com/?from=en&to=LinkedIn+speak

Attackers love to use XOR stupidly, episode 388: https://github.com/deepfield/public-research/blob/main/katana/report.md

Playing with a cool UX approach to help you study and practice chess opening theory.

1) Click on a sentence
2) It gets added to your "Ideas / Responses" for that position, along with a graphical visualization of that idea
3) During study, reenacting that visualization (like moving a piece, clicking on a square) counts as getting it correct.

Is it just me or has the 👋 emoji gone from being cute to being obnoxious? Every time I see it in some random startup's landing page, it screams: "Look how hard I'm trying to seem like I'm not trying hard!"

80% of exploited zero-days in 2025 done by nation states or the commercial surveillance vendors that ultimately serve them. Welcome to the world where everybody is defending against foreign militaries whether they are enlisted or not.

https://cloud.google.com/blog/topics/threat-intelligence/2025-zero-day-review

Massively upped the rigor on the Bradley Terry Logistic Ranking page so you can see how stable the model is based on what you've answered so far.

https://infosec.exchange/deck/@Lee_Holmes/116173839053213121

Ok, this is cool. You have 10 things with various features (think: price / quality / speed or CVSS / known exploited / time unpatched) and you want to use a formula to put them in order. You can compare any two and probably make a good call, but you don't want to hand-craft a formula because that introduces bias.

There is something called Bradley-Terry Logistic Regression that is designed exactly for this. Here's an implementation, even letting you compare among multiple evaluators to see where your value systems may differ.

http://leeholmes.com/projects/bt-logistic

Bradley-Terry Logistic Ranking
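
The ranking approach described in the post above, as an added example (not code from the linked bt-logistic project or from the post's author): a pure-Python Bradley-Terry logistic fit that learns feature weights from pairwise "which is more urgent" calls and then orders every finding. The findings, the judgments, the feature scaling and the `l2`, `lr` and `steps` values are constructed assumptions.

```python
import math

# Constructed sample findings: name -> (CVSS, known exploited 0/1, days unpatched)
FINDINGS = {
    "web-rce":        (9.8, 1, 60),
    "vpn-authbypass": (8.1, 1, 20),
    "db-privesc":     (7.8, 0, 300),
    "lib-dos":        (7.5, 0, 15),
    "kiosk-xss":      (5.4, 0, 200),
    "printer-info":   (4.3, 0, 30),
}
# Constructed pairwise calls by one evaluator: (more urgent, less urgent)
JUDGMENTS = [
    ("web-rce", "vpn-authbypass"), ("web-rce", "db-privesc"),
    ("vpn-authbypass", "db-privesc"), ("vpn-authbypass", "lib-dos"),
    ("db-privesc", "lib-dos"), ("db-privesc", "kiosk-xss"),
    ("lib-dos", "printer-info"), ("kiosk-xss", "printer-info"),
]

def features(name):
    """Scale each feature to roughly [0, 1] so no unit dominates the fit."""
    cvss, kev, days = FINDINGS[name]
    return (cvss / 10.0, float(kev), days / 365.0)

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def fit(judgments, l2=1.0, lr=0.1, steps=2000):
    """Gradient ascent on sum(log sigmoid(w . (x_hi - x_lo))) - l2/2 * |w|^2.
    The L2 term keeps weights finite when the judgments are perfectly separable."""
    diffs = [[a - b for a, b in zip(features(hi), features(lo))] for hi, lo in judgments]
    w = [0.0, 0.0, 0.0]
    for _ in range(steps):
        grad = [-l2 * wi for wi in w]
        for d in diffs:
            miss = 1.0 - sigmoid(sum(wi * di for wi, di in zip(w, d)))
            grad = [g + miss * di for g, di in zip(grad, d)]
        w = [wi + lr * g for wi, g in zip(w, grad)]
    return w

def score(w, name):
    return sum(wi * xi for wi, xi in zip(w, features(name)))

def rank(w):
    """Order every finding, including pairs the evaluator never compared."""
    return sorted(FINDINGS, key=lambda n: score(w, n), reverse=True)

def p_first(w, a, b):
    """Model's probability that the evaluator would put a ahead of b."""
    return sigmoid(score(w, a) - score(w, b))
```

Calling `rank(fit(JUDGMENTS))` returns the full ordering. Fitting a second evaluator's judgments and comparing the two weight vectors shows which features each evaluator implicitly values more.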