frijolito 🎸

53 Followers
66 Following
208 Posts
Security architect at a small healthcare startup 
https://jeffreylikeswebsites.com
I write music when I’m not working
https://soundcloud.com/chicano_frijolito
#AppSec
whoami: http://jeffreylikeswebsites.com
my music: https://soundcloud.com/chicano_frijolito
#threatintel maybe this is a better tag … please help me boost this for reach y’all ❤️
Does anyone have a good suggestion of something that can run on Mac/Windows/ChromeOS to perform adversary simulation to test an EDR tool? I’m thinking flightsim but it’s been a while and want to expand tools 👀
#edr #redteam
I’m proud of you 💪
Curious what y’all think @simon @adamshostack @jerry … I am not in a SCIF or anything like that, but it feels like a bit of a cop-out to wipe your hands clean and assume no risk after seeing “a policy” saying that they promise not to train on your data if you disable chat history in the web view. Am I overthinking this, since people obviously share code with tools like GitHub, etc.? Is the kicker here that they have some signed documentation protecting you and taking liability?
Does anyone have guidance or any good references for assessing the risks of using tools like #chatgpt (web view vs. using the enterprise-tier API) at work? I’m thinking the best way to visualize this would be a threat model. There’s obviously a possibility of exfiltration. I’m thinking of the use case of the web view for chatGPT with no history enabled, since they claim not to retain data for longer than 30 days. Trying to think like a security architect with respect to the risks of sharing code and IP.
To all the security architects out there:
What’s the best way to take baby steps towards that path if you have a basic background in infosec engineering + software engineering? #help Is just a bit of time in seat with each of these roles enough to break into that domain, or do you need a particular cert? I have 5 years in infosec and could get a CISSP, but I’m wondering if that’s truly the best use of time…
#infosec at its finest.
... and it turns out that's not necessary at all, because `foo.bar.localhost` resolves to `127.0.0.1` on macOS (and Linux) out of the box!
Happy #solstice
This photo was a 6-month exposure from my backyard. It shows the tracks of sunlight from one solstice to the next.
While it is still in the public comment phase, I'm of the opinion that CVSS 4.0 scoring will be a huge improvement in how organizations can make decisions on risk. It looks like we could benefit from the proposed metrics to contextualize actual exploitability and how it applies to critical areas such as OT/ICS and even healthcare. https://www.first.org/cvss/v4-0/