David Longenecker

@[email protected]
281 Followers
262 Following
61 Posts
Christ-follower | CSIRT | SOC | Threat Intel |Insider Threat | #DFIR | dad | #aviation geek | proud Texan | 90% blue / 10% red team #infosec
David LongeneckerFeb 17, 2023
I love it when a headhunter or placement specialist sends someone skilled in OSINT, a resume they think they have suitably redacted to obscure the candidate😂
David LongeneckerJan 24, 2023

#Movie recommendation: "Missing." A quite well-done #osint tale, masquerading behind a compelling plot.

I might even put it up there with War Games.

David LongeneckerJan 13, 2023

AMD Information Security is #hiring! I have two positions open on my team. Both are mid-senior level analyst roles with some leadership potential:

DLP investigations lead, US https://careers.amd.com/careers-home/jobs/24631

SOC Senior Analyst, India https://careers.amd.com/careers-home/jobs/24474

#infosecjobs #workforamd

Staff Information Security in CALIFORNIA, California | Advanced Micro Devices, Inc

AMD | Careers Home is hiring a Staff Information Security in CALIFORNIA, California. Review all of the job details and apply today!

Staff Information Security in CALIFORNIA, California | Advanced Micro Devices, Inc
David LongeneckerJan 12, 2023

O'Reilly published a book a while back, on software engineering at Google; that book is now available free online. Lots of good content - on #change #management, building scalable and supportable systems, and managing people and teams - lots that is applicable far beyond traditional software engineering. Sticking this in the #infosec #toolbox for my own future reference.

https://abseil.io/resources/swe-book/html/toc.html

Software Engineering at Google

David LongeneckerJan 11, 2023
Any other time of year I would wonder if the "smoke" out my window were a wildfire in the woods across the street, but nope, it's just pollen billowing out of the ashe juniper (aka cedar) trees in the breeze. #atxweather #allergies 🤧
David LongeneckerJan 11, 2023

I am having a hard time comprehending how a "security feature bypass vulnerability" in SharePoint Server (CVE-2023-21743) can affect #integrity without also affecting #confidentiality. What am I missing? What on earth does "The attacker is able to bypass the expected user access as an unauthenticated user" mean? Has anyone seen further details on this #vulnerability?

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21743

Security Update Guide - Microsoft Security Response Center

Show threadDavid LongeneckerJan 2, 2023
@thegaryhawkins @ThomM @hacks4pancakes wear sunscreen! Second degree sunburns in your teens and twenties beget skin cancer in your thirties and forties. Ask me how I know... 🤷‍♂️
David LongeneckerJan 2, 2023
@GossiTheDog I've always seen invitations like that as a gray area fraught with opportunity for a company employee to divulge sensitive company practices. I genuinely wonder how many so-called consulting opportunities pitched to corporate staff, are in fact thinly veiled attempts to surveil.
David LongeneckerJan 2, 2023
yetztJan 2, 2023
oh no, someone forgot to water the wind turbine.
David LongeneckerJan 2, 2023

Interesting. This may be old news to folks that deal with telephony, but it's new to me. There is a "Class 0" SMS - a form of SMS that is by design displayed as a full screen overlay, as might be appropriate for an emergency notification (...or abused for SMS spam).

https://blog.richpollock.com/2014/06/class-0-sms-messages/

Class 0 SMS messages

Yesterday, I received a Wi-Fi password by means of a class 0 or “flash” SMS message. In iOS 7, class 0 messages are presented as a grey, full-screen overlay that includes the horizontal…

Bit Wrangling