Microblog

I was wondering if there will be a difference in popularity of talks on Twitter during and after the #34C3 conference. Turns out the difference between last year's top 10 is significant! For #33C3's list, see gist.github.com/jd7h/810cb22b2…

I've turned off image loading in my browser for a scraping job, but now I'm seriously considering leaving things this way.

The top 10 of #34C3 talks has been updated to include tweets from the last days of congress. gist.github.com/jd7h/30de3cc1c…

Like last year, I made a top 10 of #34C3 talks, based on the number of tweets that refer to them. Here's the list based on tweets from the first few days of conference: gist.github.com/jd7h/30de3cc1c…

Oh dear. TIL @LibraryThing has an API.

Absolutely loving the traveling library of @hacklibrary at #34C3. Great selection of books: from Terry Pratchett and science fiction classics to the yoga sutras, books on political science and cryptography. #deadtreelovers

In that case, the distance to #34C3 should be measured in the number of caffeinated drinks needed for the journey. ;)

My favorite Christmas song of 2017 is @PTXOfficial's Mary Did You Know. youtube.com/watch?v=I5PyLw…

Well done, Twitter. A perfect placement of a tweet from @EffinBirds!

So how is everyone's Christmas Day so far? :D

Rereading the Harry Potter books this Christmas and I just noticed spare time at Hogwarts is comprised of boardgames, sports, books and visiting people for tea. No music, movies, tv-series or video games.

TIL the word "mockbuster".

Try-out for my new grey and black brushmarkers (original art by @heikala_art)

Thread with a happy ending

YES because there are NEVER enough Jo March influences in my life.

In January, I will be starting my new job as a PhD candidate at @UTwente on the topic of natural language generation.

Charlie and the “Zero day” factory

This is why we need natural language generation. There will never be enough Harry Potter chapters. #nlg

Here's this week's newsletter. :) mailchi.mp/fe7d8af82fe0/o…

I have an internet connection again (YAY FIBRE) so this week's newsletter goes out tomorrow. Sign up here: eepurl.com/c-Q53D

A list of common SSIDs. Apparently, HOGWARTS is very popular. wigle.net/stats#ssidstats

When in doubt, FLOUNCE

Living like a beat poet during the last few days in my home in the Hague.

I am SO stealing these lists on @alicegoldfuss's contact page. Great for expectation management.

Played Zork (1980) w/ @mrngm over the weekend, after we heard a reference to the game in an episode of The Big Bang Theory. Text-based adventure games ftw!

My training and certification exams were paid by my employer.

My talk proposal about Markov Chains was rejected, so that means the talks at #34C3 will be EVEN MORE AWESOME than the one I had in mind, right? ;)

In last week's newsletter, I wrote about gritty comics, hand-drawn presentation slides and a vintage video game! Read it here:
mailchi.mp/42805a756327/b… ft. @b0rk @heikala_art

Had lots of fun talking to the @Radboud_Uni and @TUe_MCS students today. Slides (with links to career advice and infosec challenges) are available here: judithvanstegeren.com/assets/1711-in…

Awww yiss, my first newsletter is scheduled. *Excited
This week, I talk about bad-ass women in space (and where to find them) and christmas songs to dance to. Sign up here: eepurl.com/c-Q53D

@mrngm for your email footer?

Apparently, newsletters are the new Twitter. Join my quasi-weekly supercerebral non-sensical FUN newsletter here: eepurl.com/c-Q53D

If you regularly want beautiful art in your timeline, be sure to follow @heikala_art!

My next research project in 4 comic panels. #nlg #textgeneration

File disclosure vulnerability in OpenOffice. "The vulnerability is mitigated by the need for the attacker (...) to trick the user into saving the document and sending it back." Srsly, this got a CVE-ID? openoffice.org/security/cves/…

Only just realised I need to update my Python3 Twitter bots!

Next week, I'm giving a presentation on incident response for computer science students of @Radboud_Uni and @TUeindhoven. Here's a sneak peek. #DFIR

Remember people, patch those systems. #DFIR

Anyone with a Dutch library membership can get the book "I, robot" for free this November, thanks to @NederlandLeest. Cool!

I laughed so hard at this commercial. #blessed
youtube.com/watch?v=bh19Yx…

OH YES
shop.startrek.com/product/ZVCTST…

Introduction to haiku. I hope to find a good saijiki (dictionary with seasonal words) in Dutch or English one day.
youtube.com/watch?v=VJHCGP…

Einstein by Walter Isaacson

Criteria voor het bepalen van nieuwswaarde. Handig voor wetenschappers die aan media outreach willen doen! #scicomm NL

With special thanks to @ionicasmeets for recommending this book in Het Exacte Verhaal.

Trying to improve my understanding of The Media as a technical/scientific expert with this interesting reading material. #scicomm

“Like a government diverting money from defense to education, humans diverted energy from biceps to neurons.” -Yuval Noah Harari (Sapiens)

Verder bevatten de factsheets van @ncsc_nl veel best practices op technisch en organisatorisch gebied, zie ncsc.nl/actueel/factsh…

Arnoud Engelfriet kan veel juridische zaken vaak helder uitleggen. Zie @iusmentis en blog.iusmentis.com/tag/gdpr/

GDPR heeft veel facetten dus dit is een brede vraag. Op welk vlak? Organisatorisch/technisch? Ligt er ook aan wat MKB nu al heeft ingericht.

Life advice for people in tech... ermmm, I mean everyone. jvns.ca/blog/answer-qu…

Read this and then determine what YOU want out of your smart phone or social media. theguardian.com/technology/201…

Love your inktober drawings! You inspired me to make one of my own. ^^ Looking forward to seeing the rest of your creations on twitter.

@jakeparker Can you tell me the name of the font you used in the official inktober prompt list? Thanks.

What media did you use? Black ink and paint brush or something else?

This article has some fun suggestions for coming up with new blog post ideas: thenextweb.com/contributors/2…

Winter is coming.

Yay, my first #hacktoberfest pull request was merged! This is a good post for easy pull request ideas: vaibhavsagar.com/blog/2017/07/3…

The Open Movie DataBase (OMDB) is no longer open: you can't access the API without paying $1 per month. *sadface

Oh noes, now the White Walkers have puppies too! #GoT

Investigating Security Incidents with Passive DNS, by @xme isc.sans.edu/forums/diary/I…

Want to join #hacktoberfest but not sure where to start? Read @b0rk's article: jvns.ca/blog/2017/08/0…
#youcandoit #opensource

Support open source this October and earn stickers or a T-shirt from @digitalocean and @github hacktoberfest.digitalocean.com #hacktoberfest #FOSS

Just blogged: Roger (python tool) monitors changes in HTTP status codes #OSINT judithvanstegeren.com/blog/2017/roge…

We need more exercise material like this.

Today is a very special day: I just opened my 42nd git repository! HUZZAH!

Twitter forensics from the 2017 German election, nice research bij F-Secure #OSINT labsblog.f-secure.com/2017/09/25/twi…

Yay, I submitted my proposal for a talk on fun with Markov Chains for the #34C3 CFP! And now we wait... *fingers crossed

This is me.

I think you accidentally a word.

A Jane Austen-themed game from the maker of Second Life! This appeals to my inner historian. theguardian.com/books/2017/sep…

Good idea!

Sent from my iPhone

The Matrix, 2001: A Space Oddysey, Planet of the Apes, Alien and Jurassic Park are all science fiction movies.

The rest of the code is scraping the CCC Fahrplan and some dataset cleaning.

An implementation of Markov chains is already open sourced as one of my github projects: github.com/jd7h/andrey

Interesting article about the consequences of instilling a fixed mind-set vs a growth mind-set in children.
scientificamerican.com/article/the-se…

Oh yes, especially when you insert "blockchain" or "cloud".

If you're getting 401 errors from the Twitter streaming API, check your system time. Twitter won't push tweets if your clock is wrong.

I'm falling in love with NLTK's part of speech tagger. I use it to get random adjectives and nouns from a corpus and play with them.

"Most robots out there are things you won't need to specify the behavior of iptables in terms of bigstep semantics."

"Who is flagged as a dreaming machine opens a security update to fix the EU's vulnerabilities."

"How large and pervasive the impact on an ARM microcontroller that has an unfortunate reputation of evoking a raw dystopia..."

"A lightning talk attempts to gain an open virtual machine learning to remotely install persistent code, incentivized by scientists."

"This talk discusses the world's largest platform for various IPv6 in space agencies fixed by our solar system to accommodate our research."

I'm using Markov chains to generate talk abstracts for the #34C3 CFP. Some of the outputs are hilarious and/or quite believable.

"Hold the newsreader's nose squarely, waiter, or friendly milk will countermand my trousers." youtube.com/watch?v=ZFD01r… #language #linguistics

Just watched Hidden Figures, about the women of colour that computed for the NASA in the 60s: a beautiful, important and inspiring movie.

Good busy! ;)

Looking forward to more chapters! Also we need moar tea dragons.

If you like webcomics, pastels and tea, be sure to read The Tea Dragon Society by @strangelykatie at teadragonsociety.com

What about 'Henry', 'Edward' and 'George'?

Timeline for the #34C3 Call For Participation:
Sep 19: CFP open
Oct 15: CFP closed
Nov 19: Notification of acceptance
Dec 27: Conference!

Good luck! I just passed mine. :D Maybe this article in which I describe my learning method can help you: judithvanstegeren.com/blog/2016/how-…

"Click publish because you have something to say, not because you have to say something."

"Humor" is natuurlijk breed te interpreteren :p

Just blogged: Digesting difficult books with @RyanHoliday's reading method.
judithvanstegeren.com/blog/2017/dige…

Best geek test evah and awww yish I scored 48%. innergeek.us/geek-test.html (via @SecBert)

Thanks for the tip (and the stories) ;)

This looks like a REALLY cool digital forensics challenge! You can participate until feb 2018. More details here: dfrws.org/dfrws-forensic…

"@freeradblog" seems to be a dead link -- is there a typo in there somewhere?

@MalwareJake @hacks4pancakes @sansforensics Any ideas? #DFIR

Looking for challenges, puzzles, wargames, and permanent CTFs to practice the skills I learned in the SANS Digital Forensics course. Ideas?

This website has some great digital forensics puzzles, by the way. I also like the way they choose a winner. forensicscontest.com/puzzles

Do these have /forensics/ challenges? Not really looking for 'break this' challenges, but more 'find evidence of activity X'.

Looking for challenges, puzzles, wargames, and permanent CTFs to practice the skills I learned in the SANS Digital Forensics course. Ideas?

This is the back of the cover of "Wonder Women" by Sam Maggs and Sophia Foster-Dimino.

Just so you know.

Now look at this scrumptious celebratory coconut donut. Time for some in-depth forensics research.

Yay, I just passed my GCFA exam (forensics and incident reponse) with a score of 87%, thanks to training from @MalwareJake and lots of prep.

We are entering a new age of automation, unlike anything that's come before. youtube.com/watch?v=WSKi8H…

Spoons address the problem of conveying liquid from bowl to mouth (...). How is your idea like a spoon? medium.com/civic-tech-tho…

I've been using @Kiva for years (even as a student) and I absolutely love it. If you're not yet giving to charity, be sure to check it out.

This is the timeline for last year. I'm planning to send in two proposals for #34C3. I've teamed up with some friends for feedback exchange.

For those who are considering sending in a talk proposal to the CFP for #34C3:

Timeline for the #33C3 Call For Participation:
Sep 1: CFP open
Sep 30: CFP closed
Nov 14: Tweets with "Yay, my talk was accepted!"

Timeline for the #33C3 Call For Participation:
Sep 1: CFP open
Sep 30: CFP closed
Nov 14: Tweets with "Yay, my talk was accepted!"

Plz plz plz make a timelapse video?

This page by @lara_hogan is SO cool: "Eating a donut is an integral part of my career celebration process." larahogan.me/donuts/

Productivity in terrible times: "Know that the tufted titmouse has never even heard of the electoral college." superyesmore.com/productivity-i…

StarCraft is a high speed time machine! ...Unfortunately, it only goes one way: to the future!

My SO gave me a penguin! It's guarding my non-fiction books now.

BTW you get bonus points if you turn this into a bash scripting contest with your significant other.

Puzzle for Saturday-afternoon: write a one-liner in bash to find out which words have the highest amount of i's and j's.

cat [yourwordlisthere] | awk '{print split($0,a,/i|j/)-1 "\t" $0}' | sort -n

Puzzle for Saturday-afternoon: write a one-liner in bash to find out which words have the highest amount of i's and j's.

My cat has claimed my #DFIR workbook. "I can haz memory image?"

Aww yisss, putting some extra effort in my GIAC GFCA exam index really paid off! I feel so ready for the exam now. ^^ #DFIR #SANS #GIAC

@WriteSpeakCode Are the talks recorded? I couldn't participate in the conf but would love to see some of the talks. :)

Just finished my GIAC Certified Forensics Analyst exam index -- I ended up with over 350 entries. Time for the last practice exam! #dfir

@McSpank I'm curious about your top-3 #SHA2017 talks. :)

Good busy. ;) Have fun in Oslo!

You were a crying infant, once. You might have a crying infant, someday. #dwi

Home decoration style advice for ladies, 1896. gutenberg.org/files/26368/26… #downtonabbey

And if you want to learn by implementing crypto and then breaking it, there are the cryptopals challenges. cryptopals.com

How many pins did you make for the first run?

Yay, I finished my crawler/scraper/tokenizer project today at #sha2017! I'll upload the code to github.com/jd7h/adjutant after refactoring.

My favorite thing at #sha2017 so far: a lifesized Portal turret!

A SEO Expert walks into a bar bars tavern alehouse pub public house alcohol beer liquor whiskey

I just realised I really need a 3D printer before moving to a new apartment.

Thanks! I've been to some infosec conferences but OSINT talks are not something I encounter a lot. Any infosec confs you can recommend?

@jms_dot_py Are you aware of any OSINT-focused conferences that are interesting for techies specifically?

Machine Learning for security monitoring leaves analysts with more time to take action. darkreading.com/analytics/mach…

Love exploring words, language and concepts? Addicted to browsing a thesaurus? Try this website: wordassociations.net/en/words-assoc…

So I made this drawing after reading Daring Greatly by @BreneBrown. I might release it as a colouring page with Meteoriet Design later.

Begone with your old-fashioned 30-day password expiration notices and special character constraints! troyhunt.com/passwords-evol…

'Coding like a girl' (by @sailorhg) is worth reading. I make some of the mistakes mentioned in here too. medium.com/@sailorhg/codi…

How NOT to make a fantasy book cover, the 12-step guide. thoughtsonfantasy.com/2017/07/18/how…

This philosophical essay about work and leisure should be titled "The 4-hour workday". zpub.com/notes/idle.html

I have surpassed my GoodReads challenge of 32 books by reading 33 books this year. Now what am I going to do with the rest of 2017?

@Android Is it possible to get the monthly security bulletins as an xml/csv file?

Now I find it strange that sometimes creativity and innovation are used as a performance metric.

Just blogged: Things I learned after 18 months of working. judithvanstegeren.com/blog/2017/thin…

I found out there's a #SHA2017 lecture on state machines/type theory and now I'm doing a little dance in my chair. program.sha2017.org/events/342.html

Your momma's so FAT, her access time has a resolution of 1 day.

Threat indicator of the day: "Mini cats", ie. little kittens dumping hashes and plain text credentials from memory. #threat #IOC

UDP PACKET BAR WALKS A INTO

The "Break, learn, break, cry, break" routine. Nice blog by @roguelynn. roguelynn.com/words/Im-fakin…

The user's going to pick dancing pigs over security every time. -Bruce Schneier

You can never remove all risk, but you can protect yourself as much as possible and mitigate risk to an acceptable degree. -Kevin Mitnick

OH: "I like proof more than conjecture and fluff."

The secret to strong security in computer software: less reliance on secrets. -Whitfield Diffie

This Bundle contains the security classics. Nice range of topics: social engineering, physical security, crypto, forensics and reversing.

Just try to bust yourself gently of the fantasy that publication will heal you. It can't. It won't. But writing can. -Anne Lamott

I've been inking a drawing and ZOMG I HAVEN'T BLINKED IN FOUR HOURS

None, because "we" are too busy meditating?

"Python2 is for those that live in the past, Python3 is for those that live in the future."

DARPA used formal verification to make their Little Bird drone much more secure ("hacker-proof"). quantamagazine.org/formal-verific…

Welcome to the club!

Book recommendations for Jon Snow: "Are you my mother?", "The Crow", and "All my friends are dead." goodreads.com/blog/show/966-…

OH: "PDF stands for Payload Delivery Format." #malware #DFIR

If Gutenberg’s revolution was Pandora 2.0 and the Industrial Revolution 3.0, then the information age is Pandora 4.0. -Stephen Fry

I'm really looking forward to the writeups! I might learn a thing or two about mobile reversing.

If you ever need to write a company newsletter, don't forget to look at this page: dilbert.com/search_results…

I told a UDP joke but nobody got it.

Every writer you know writes really terrible first drafts, but they keep their butt in the chair. -Anne Lamott

OH: "The code for this project looks like a bunch of drunk monkey got together to write code on typewriters."

You are Not an Impostor by Nickolas Means (@nmeans) youtube.com/watch?v=l_Vqp1…

Social-engineering-as-a-Service to get victims to give up their PIN codes. motherboard.vice.com/en_us/article/…

A girl can dream.

Even if a security-minded programmer erases all passwords from memory, they might still be floating around in RAM because of the OS.

"Work hard, but don't rush." Career advice from George Monbiot. monbiot.com/career-advice/

Instructions for living a life, by Mary Oliver. (Photo by @nicoleslaw)

It's OK to:
- ask for help
- not know everything

In the Hague there are plenty of spots where you can buy milk tea!

"Threat intelligence sharing: what you don’t know can hurt you" by @McAfee describes the challenges of sharing CTI.
mcafee.com/us/resources/r…

What can developers learn from being on call? by @b0rk - jvns.ca/blog/2017/06/1…

I'll return soon enough, for the party of the year! ;)

I will improve my machine learning skills with the Stanford Machine Learning course on Coursera, starting today! coursera.org/learn/machine-…

Malware can hide, but it must run. -Jesse Kornblum

The city of Nijmegen, as seen from a departing train.

Duck typing in security: Does it look like a duck? Does it walk like a duck? Does it hack like a duck?

Reserve an out-of-band communications channel for your Incident Responders, as business comms might have been compromised as well.

"Do not react too quickly to an incident by pulling the plug. We need to move towards intelligence-driven incident response."

By popular demand, my Twitter mass-backup-and-unfollow Python script can be found here: gist.github.com/jd7h/02094c6e1…

Incident response to the rescue! Now for sale in my RedBubble shop. :)

redbubble.com/people/meteori…

I made this shirt design for all those awesome infosec Incident Responders out there. They are, after all, superheroes. Who you gonna call?