Notices by Jake Williams (malwarejake@infosec.exchange)

Hot take: the cybersecurity industry wastes an incalculable amount of effort "remediating vulnerabilities" in code because a library used has some "vulnerability" that can't actually be exploited in the way it's used in the application.

Find yourself someone who buys you a life size metal Sword of Omens from Thundercats for Christmas.

Never, EVER, do anything that might create personal legal liability for yourself on behalf of your org.

No matter what anyone says, you are not "family." You are not "in this together." And most importantly they do NOT "have your back."

Have been low key thinking about replacing a vehicle and decided yesterday to jump on it before prices soar due to tariffs. This is $50k I would have spent in mid-late 2025 that I'm spending now.

Got to wondering:
How many others are doing this?
How does this reflect in economic reporting?

Publicly declaring "I will give you a child" to someone you have no consenting relationship with is a threat of sexual assault, full stop.

My favorite thing about the Telegram arrest is that "normies" are asking me if this is why I've been refusing to use it for comms and moving them to Signal instead.

Yes. Yes it is...

Management "helping" with the incident response...

Big feels...

Misunderstanding threat actor capabilities...

Deploying honey tokens in the network to catch attackers...

CISOs: please stop asking "how will AI fix X"

If AI widely solved the problems you're delusionally thinking/hoping/praying it will, you wouldn't have to ask consultants about it. Your peers wouldn't be able to shut up about it. Thanks for coming to my TED Talk...

Privilege escalation with Python...

Threat actor disabling the EDR before deploying a destructive cyberattack...

If you're considering using Gusto for HR outsourcing, just don't. I legit do not understand how these clowns stay in business. It's so bad, it would take something very special for me to even work at a company using Gusto for benefits administration again.

Congratulations Gusto - you've inspired me to add new questions to my interview process when looking for jobs "do you use Gusto?"

Narrator voice: "it was not, in fact, 13 seconds"

I'm not familiar with this definition of "universal"

Fantastic thread detailing how you may still have security issues even if you have removed your last Exchange hybrid management server.
https://twitter.com/JimSycurity/status/1628813019588313088?s=20