Stilgherrian (@stilgherrian)

Wentworth Falls NSW AU

The below is an off-site archive of all tweets posted by @stilgherrian ever

October 11th, 2017

OK, kiddies, I’m outta here. You play nice, y’hear?

via TweetDeck

@zdnetaustralia And my tweets from the conference session, with some of the APT ALF gags, and a few slides. twitter.com/stilgherrian/s…

via TweetDeck in reply to stilgherrian

The original @zdnetaustralia yarn: “Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack” zdnet.com/article/secret…

via TweetDeck

Hey everyone who doesn’t know yet, listen to me ruin this week’s @BlogsofWar @CovertContact podcast! twitter.com/stilgherrian/s…

via TweetDeck

NewtonMark Just saw someone explaining that “the c-bomb is the Army equivalent of the Oxford comma.” 🤣

via Tweetbot for iΟS (retweeted on 9:10 PM, Oct 11th, 2017 via TweetDeck)

tomwalkerisgood As his name is not “Biggest Bird”, we are to understand that Sesame Street is home to at least one, perhaps more, truly immense unseen birds

via Twitter for iPhone (retweeted on 9:05 PM, Oct 11th, 2017 via TweetDeck)

TheNickLeeson Nikkei225 at highest level today since 1996 - probably not far off my break-even point. If only they’d waited!!

via Twitter for iPhone (retweeted on 9:03 PM, Oct 11th, 2017 via TweetDeck)

@FarrellPF Thanks, Paul. Though it’s classic example of just being there when word came out of someone’s mouth. Surprising words.

via TweetDeck in reply to FarrellPF

Uptomyknees HOLY FUCKING SHIT dude online tries to mainsplain the costumes of Indiana Jones to my mom…
…the costume designe..twitter.com/i/web/status/9…Kh

via Twitter Web Client (retweeted on 8:51 PM, Oct 11th, 2017 via TweetDeck)

stevelord DOJ tries to rebrand broken encryption ‘responsible crypto’. A bit like rhythm method as ‘responsible birth control’ arstechnica.com/tech-policy/20…

via Twitter for Mac (retweeted on 8:39 PM, Oct 11th, 2017 via TweetDeck)

Phylan tired: Rick and Morty sauce controversy

wired: Kerbal Space Program Chinese Gamergate pic.twitter.com/CtCvqlu3oa

via Twitter Web Client (retweeted on 8:04 PM, Oct 11th, 2017 via TweetDeck)

The new Sofitel dominates Darling Harbour now. pic.twitter.com/wIXMmrthQT

via Twitter for iPhone

Me at @zdnetaustralia today: “Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack” zdnet.com/article/secret…

via TweetDeck

free_facts The English language consists of over 4 million lies

via Free Facts (retweeted on 7:19 PM, Oct 11th, 2017 via TweetDeck)

glengyron If the hack was by @stilgherrian surely they can find him? twitter.com/zdnet/status/9…

via Twitter for iPhone (retweeted on 6:33 PM, Oct 11th, 2017 via TweetDeck)

@vealmince It is indeed so. I’m at the back near the bathrooms.

via TweetDeck in reply to vealmince

Actually no. Can’t be arsed walking that far. I’ve washed up at the Shelbourne for now.

via Tweetbot for iΟS in reply to stilgherrian

I will. Because I’m hungry. And because other reasons.

via TweetDeck in reply to stilgherrian

Wondering whether or not to go sit in The Corner for a little while.

via TweetDeck

@ResignInShame Indeed, but I don’t know specifically whose feathers and how ruffled they are.

via TweetDeck in reply to ResignInShame

And here’s my thread with crappy pics of some of the slides. Enjoy. twitter.com/stilgherrian/s…

via TweetDeck in reply to stilgherrian

So, today’s story: “Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack” zdnet.com/article/secret…

via TweetDeck in reply to stilgherrian

My yarn on that report: “ACSC Threat Report highlights deplorable ignorance” zdnet.com/article/acsc-t…

via TweetDeck in reply to stilgherrian

Here’s the only information that was in the ACSC’s 2017 Threat Report released on Tuesday. acsc.gov.au/publications/A…..twitter.com/i/web/status/9…lO

via TweetDeck in reply to stilgherrian

I understand that my yarn today is causing problems for people in or connected with Canberra. Apparently this data..twitter.com/i/web/status/9…dj

via TweetDeck

@jonoabroad Well in NSW, sure. But I’m from South Australia, which was never a penal colony. No, it was a property development scam.

via Tweetbot for iΟS in reply to jonoabroad

smk “Ban Russian bots” projecting on Twitter HQ right now pic.twitter.com/musk8g085y

via Twitter for iPhone (retweeted on 4:20 PM, Oct 11th, 2017 via Tweetbot for iΟS)

@alexkidman @dobes What sort of things do you remember?

via TweetDeck in reply to alexkidman

Oh of course. It’s Wednesday, so another NSW politician is referred to ICAC. twitter.com/TenNewsSydney/…

via TweetDeck

@dobes @HivintAU You wanna come down later or tomorrow and we can make some? :P

via TweetDeck in reply to dobes

Hey @dobes, the @HivintAU guys have props and stuff so people can make their own cyber stock photos. pic.twitter.com/wwQMq09DIR

via Tweetbot for iΟS

We live in strange and disturbing times. twitter.com/AlanJones/stat…

via TweetDeck

@RSAsecurity I won’t be tweeting too much from this one, ‘cos I have an interview a well, and will be writing it up..twitter.com/i/web/status/9…kc

via TweetDeck in reply to stilgherrian

Next up for me: @RSAsecurity’s Rui Ataide on mass ATM hacking. pic.twitter.com/1L5ho3dY1T

via TweetDeck

I’m tweeting from the @AISA_National conference today. Mute to avoid. Program at conference.aisa.org.au/QuickEventWebs…

via TweetDeck

Me at @zdnetaustralia: “Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack” zd.net/2i2xnVA

via Tweetbot for iΟS

@jpwarren Clearly. That was a brilliant presentation. Thank you, @snozberries_au!

via TweetDeck in reply to jpwarren

Finally, clean up the mess and institute better practices. pic.twitter.com/mKXX6wj9ir

via Tweetbot for iΟS in reply to stilgherrian

Once you understand how they got in, there’s a remediation weekend. But make sure you kill ALF. pic.twitter.com/1PcTVtmSPU

via Tweetbot for iΟS in reply to stilgherrian

“If the actor’s been there for five years, they already have everything,” so there’s no need to rush.

via TweetDeck in reply to stilgherrian

Turns out that APT ALF needn’t have bothered exploiting the server, they could have just logged in from the interne..twitter.com/i/web/status/9…kZ

via Tweetbot for iΟS in reply to stilgherrian

ASD found the remote shell China Chopper, and were lucky to find a memory artefact. pic.twitter.com/3HawnHtLwr

via Tweetbot for iΟS in reply to stilgherrian

Clarke is stepping through the whole incident response process. Much to absorb. Good presentation.

via TweetDeck in reply to stilgherrian

ASD was tipped off by “a partner organisation”. ASD is calling the actor APT ALF, after the “Home and Away” character.

via TweetDeck in reply to stilgherrian

It was a 50-person company in the aerospace industry with one tech person. They got very pwned and lost a lot of data.

via TweetDeck in reply to stilgherrian

Next up, Mitchell Clarke, an incident response manager at ASD, going thru that breach of a defence contractor in the ACSC report.

via TweetDeck

You want to build trust fast so you can share data? Pick up the phone, says Ziring. Yes!

via TweetDeck in reply to stilgherrian

Ziring’s key slide. Bad guys re-use and share tools, so we should share and re-use tools too. And coordinate our re..twitter.com/i/web/status/9…i8

via Tweetbot for iΟS in reply to stilgherrian

Our aim should be to detect the attack “pre-boom” and respond fast. No time scale, Ziring says, “So 15 milliseconds..twitter.com/i/web/status/9…NX

via Tweetbot for iΟS in reply to stilgherrian

Ziring says we need to start sharing not just attack indicators etc, but our analytical methods. (So we all learn.)

via TweetDeck in reply to stilgherrian

I won’t tweet all the slides from here on ‘cos I need to take notes.

via TweetDeck in reply to stilgherrian

Ziring says the need to use adaptive automation and orchestration is the thing he’s going to concentrate on.

via TweetDeck in reply to stilgherrian

Here’s how Ziring is describing what needs to be changed. pic.twitter.com/jDd6vz5Ox7

via Tweetbot for iΟS in reply to stilgherrian

Ziring checks he can walk around. He can. He’s happy. “In government conference rooms you’re not allowed to have wireless mics.”

via TweetDeck in reply to stilgherrian

Next up: Keynote by Neal Ziring, Technical Director of
NSA’s Capabilities Directorate. pic.twitter.com/lQqceGvOyF

via TweetDeck

Some great comments about trust and collaboration from @Mich11775, who notes that the crims just get on and do shit.

via TweetDeck in reply to stilgherrian

Moderator @craigtempleton asks, “If you were a cyber octopus, would you slap eight people at once, or one person really hard?”

via TweetDeck in reply to stilgherrian

@Mich11775 Born after 1996, when the PC became ubiquitous in the workplace? Was anyone left standing? I couldn’t see.

via TweetDeck in reply to stilgherrian

@Mich11775 She just got everyone to stand up, then said “Sit down if you were born after 1990 when ‘Hammer Time’ wa..twitter.com/i/web/status/9…1S

via TweetDeck in reply to stilgherrian

Excellent rhetorical Q from @Mich11775: Why do we collaborate if there’s no outcome? What is the actual purpose?

via TweetDeck in reply to stilgherrian

Launtenbach also says we have more than enough threat intelligence sharing. Hear hear.

via TweetDeck in reply to stilgherrian

Berin Launtenbach, CISO APAC, Telstra, says there’s no cyber skills shortage, there’s just bad allocation of resources.

via TweetDeck in reply to stilgherrian

First up is a panel, “Collaboration Panel - Swipe Right to Collaborate”, which I was worried would be same-again, but no.

via TweetDeck

JackGJessen 1st joke:
Agile is merely standing up doing what we already were doing sitting down

via Twitter for iPhone (retweeted on 9:16 AM, Oct 11th, 2017 via Tweetbot for iΟS)

Once more, @RSAsecurity has provided the good coffee in the good cups. I dribbled a bit though. pic.twitter.com/TNXk24TAVy

via Twitter for iPhone

Approaching the Sydney CBD from Pyrmont. pic.twitter.com/itRs8RM4zo

via Twitter for iPhone

I am on this week’s @CovertContact podcast too, so there’s that. twitter.com/stilgherrian/s…

via TweetDeck

Me at @zdnetaustralia Tue: “ACSC Threat Report highlights deplorable ignorance” zdnet.com/article/acsc-t…

via TweetDeck

Wednesday. Your life is an equal mix of shame and despair, and there’s very little you can do about it. Wednesday. Not Tuesday.

via Tweetbot for iΟS in reply to stilgherrian

It has been drawn to my attention that it is Wednesday, not Tuesday. twitter.com/doctor_cotton/…

via Tweetbot for iΟS in reply to stilgherrian

@stufromoz Definitely a wig, because my hair is fairly curly when long.

via Tweetbot for iΟS in reply to stufromoz

Ten minutes after sunrise at Wentworth Falls station, but it’s not exactly sunny. pic.twitter.com/qJhRsnc9iV

via Tweetbot for iΟS

SlacktivistFred Joshua 3:10. “God will surely drive out the amirites ahead of you” twitter.com/ianfortey/stat…

via Twitter for iPhone (retweeted on 6:06 AM, Oct 11th, 2017 via TweetDeck)

The new @USArmy “Field Manual 3-0, Operations” is out. army.mil/standto/archiv… pic.twitter.com/fbtukDYyT3

via TweetDeck

Tue plan, draft: 0636 train to Sydney; @AISA_National conference conference.aisa.org.au/QuickEventWebs…; write for @zdnetaustralia; collapse in Pyrmont.

via TweetDeck

Tuesday. Your life is an equal mix of shame and despair, and there’s very little you can do about it. Tuesday.

via TweetDeck