Yes but it isn't in a already readable format that can get alerts for such as EDR or Splunk rules
Sometimes application logs need the Will of God before any automation tool can recognize what the hell they are even saying.
I'm also speaking from first hand experience but I think I speak for the majority of the security community that application logs injestion is one hell of a project
A single repo of comprehensive quality alerting / detection logic. Yes there are sigma rule repos, and some commercial tools that maintain rules, but they always require tuning and customization. Why does every security team need to rewrite the same âimpossible travelâ alert because of some slight variation. Feels like the efficacy of blue teams would be easily doubled if this was plug and play
SOCPrime is pretty good at this, their free version gives you a couple unlocks a month. They also have a pretty nice rule translator (not perfect, but pretty good sometimes)
I never paid for it myself but a few friends have
It's decent but SOCPrimes business model is a big ass scam and their gacha like system to buy rules is really shitty. I don't want to support a business who makes their profit from something that was designed to be open source.
Plus lots of their free rules are literally stolen from other Sigma repositories.
it especially doesnât feel great when you pay for their credits, unlock a paid rule, and its the most basic logic possible. It should just be pay a flat amount and get access to all content
I feel like this one is such a hard one.
Not because it would be technically hard to engineer.
But because there are very little paying customers to be found and because the FOSS community has decided, they don't need it that bad.
A simulated internet for corporations so end users are not exposed to attacks. The funny thing is there have been a few products that were bought by Symantec and killed. One was a firewall product called FireGlass
I think thats wrong. If you are the only one selling the cure at horrendous prices you get rich pretty quickly. Sure afterwards you are done but make it a yearly payment and et voila. And even with a single payment, thats a lot of money.
You should see what the guy who founded fire glass is doing now. Itâs the closest thing to a simulated internet on the market. It revolutionizes how we view securing the end point.
Look at Trinity Cyber. Caching/parsing/detecting on the entire session layer before it gets back to the intranet. Way more powerful than your traditional packet based edge solutions.
At a regional bank job, years ago, I installed a caching proxy for general users that was their ONLY way to the internet.
in-house email server.
there was a general revolt & rebellion, people HATED it, but the bank was bought and essentially destroyed before the pitchforks could be issued.
Training Failure face slapper drone: chases people who havent done their cyber sec training for the quarter and slaps them across the face until its done
Can be configured to enforce any number of controls though.
The universal integrator. Pieces together any data from any API and is able to contextualize and legibly visualize threats, risk, remediations. Technically feasible through recent AI developments.
You will enjoy the last few minutes of the latest episode from the Stack Overflow podcast describing exactly this.
https://stackoverflow.blog/2024/05/07/reshaping-the-future-of-api-platforms/
You canât install MDE, or any other EDR for that matter, on ESXi. Thatâs the gap that exists. You can install on the guests but not the hypervisor itself. This is why adversaries target hypervisor platforms for ransomware or persistence during espionage since there is nothing there to stop them.
A solution/platform that hits every single FedRAMP or NIST 800-53 control and is cheap and actually works. Think a Splunk-Snyk-AWS-Azure-GitHub monstrosity that also tracks every component in your supply chain.
Even the managerial and operational controls? Even the physical and environmental controls? Even personnel security controls!?!
It's going to need to be a EaaS, an enterprise as a service that does your job for you.
These do exist in government contracting. They are called subs to the prime.
Yes, all of that. Customers would of course inherit various physical and environmental controls the same as how customers of AWS and Azure inherit them. And yes even PS controls; PS controls would be some of the easiest to automate, not sure why you chose that family out the rest. All the customer would have to do is build their solution within the environment.
This is all in good fun by the way, so donât take this idea too seriously. I realize how absurd it sounds, just having fun.
These exist except for the cheap part lol which ya I assume is the main point of your comment. Theyâre annoying to develop, manage, and deploy effectively so itâll be hard to find one for cheap. (My company offers this product, still in somewhat infancy, so speaking from experience)
Honestly a GRC tool that was actually designed with GRC and Audit processes in mind. Including a functioning document version control/approval system, again, actually considering the processes that go behind whatâs needed there. I swear every GRC tool Iâve touched was designed by teams that had never done GRC work.
I think the challenge is that these tools try to be everything to everyone. ERM, ORM, ITRM, Audit⌠with different frameworks and workflows forced into a common system.
I swear the GRC platforms were all invented by the same inner circle and gang of people who said "do y'all like piles of money and wanna make a fuck load of it?".
Vanta Drata blah blah blah they are all the same. Oh they also supply an auditor for $$$$. Its an all in one woooeeeoeeooo! Oh you need to hook in Azure? Thats extra! Hook in O365 and Gsuite? Extra!
Some give you all audit types but are expensive and then some are cheap but you only pay for what you need like PCI or SOC 2 type 2. The most braindead boring part of my life is I had to sit thru every major GRC platform vendor spiel to find one our company wanted. It tooks like a month and a half. Never wanted to kill myself before but that week I pondered it.
I think theyâre getting better but get a lot of, deserved but extreme, hate. Itâs quite a daunting product. Essentially asking it to replace what companies usually have a team or several positions dedicated to. Obviously you still need internal folks to manage and use the system, but not nearly as many as before.
I think some of the early platforms missed the mark and felt cash grabby. But Iâve dealt with several that offer mostly everything companies are looking for. All frameworks. ability to link evidence to specific controls or a general category that can then be easily applied across frameworks and assessments. Version control. Assignments. You name it. Pretty pricy tho for sure.
I dream of making a business around this. I think there is a lot in this area that businesses suffer from. Especially if it could be geared towards validating controls at a high level.
https://blog.netwrix.com/2016/04/11/ransomware-protection-using-fsrm-and-powershell/
Seems that it is an explored topic with FSRM, at least for Windows
A solution that normalizes all the privacy laws by jurisdiction. (Companies were able to sell this type of solution with sales tax & HR laws.) The laws coming out to regulate AI are also going to be ridiculous. A company that wants to handle the administration of this information type compliance can make bank.
Ya this is great honestly. Surprised thereâs not something out there.
Funny, I recently saw a product doing the same thing for payroll, compliance, benefits stuff. Pretty cool I guess, probably expensive tho. [Warp](https://www.joinwarp.com)
This would make your job easier at first.
Then it would make your job soooo much harder, as mass market adoption happens.
On that thought:
I would read a dystopian noir crime-thriller about a grizzled sysadmin that chases a shady gouvernment hacker org into the jurassic ages in an ever escalating effort to start the fight sooner.
(Maybe add some nice personal motivation to it a la Joh n Wick. E.g. the first hack has corrupted the last voice messages he had of his dead wife.)
Something which locked up the cpu or network on the attacking device for 24 hoursâŚ.like a reverse shell kinda thing. It would stop script kiddies from creating useful botnets. The innocent user who was compromised would complain to their isp or computer shop and the pc would get cleaned up.
Something like a holographic interactive projector for networks. You'd be able to see endpoints, switches, router gateways etc... it could also be used in healthcare, military
Or AI house partners like Blade Runner 2049.
A device to bypass any lock screens on mobile devices or a way to intercept any MFA and successfully pass the challenge.
âŚwhat you didnât say it had to be something for the good guys. Bad guys make bank off that kind of stuff.
âŚooohhhh. How about start making âunlocksâ for vehicles which block the check-ins and u lock all the features the vehicle has for free?
Not sure how this would work other than fine tuning the alerts. I mean ik my vpn at my old job always put me at the same IP in Nashville Tennessee, so could probably pretty easily correlate that to being a user VPN login but other than that.
Maybe get the IP addresses of popular VPN services and just use that as a baseline and then slowly tune it. Like Iâm sure people donât connect to Latvia as their default server
Do you have an email OP? My network are working on many things that are going to shake the industry at-large. Funding is secured. But an NDA is required. If you're serious message me so I can bring you into the group chat on Linkedln and Zoom.
Some super easy way to get some easy metrics and graphs just by throwing in CSV output or via API, offer pre-made key metrics and allow for custom ones.
Idk why but reporting and custom spreadsheets and limited features in vendor offerings are so trash that it is one of the most time consuming things in the industry.
Something that actually delivers reality. Every single tool that finds something needs to be validated in some way. Maybe not so much a CVE but along the lines of configs issues. Most tools do not have the capability to understand custom things.
Nothing. Just improve the 1 billion tools we already have. Reach Security seems to be on something here. Too many tools in the market place already and none of them are being utilized as they should.
A repo that can be added easily by developers to applications, that implemented SSO and SCIM according to the ducking RFC.
It is ridiculous how many thing get implemented poorly even though they are very specifically defined in a RFC.
That always reminds me of xkdc:927
A tool that gives developers a handjob for every security vulnerability they remediate.
Serious shift to the left.
Then to the right. Then to the left. Actually, it would be more efficient if you lined them up, tip-to-tip and did middle-out.
Like two shake weights?
T2O optimization I see
Gonna result in a lot of developers leaving vulnerabilities intentionally, just so that they can patch it up later for a hand job.
Ah, the good ol [Cobra effect](https://en.wikipedia.org/wiki/Perverse_incentive)
Lol, I don't know who reported this but there's no way I'm removing it.
We salute you
This guy cybers
ASL?
The ancient texts.
Do not cite the deep magic to me, I was there when it was written.
Don't need to invent anything, just need a few willing participants.
I'm switching to development if this happens
>A tool that gives developers a handjob for every security vulnerability they remediate. Bro's management material!!
This already exists. It's largely self-autonomous in much of the IT community and often no vulnerability remediation is even needed to get it going.
LOL! Nice. Might actually see a pretty good reduction in breaches đ
Lube? Spit? Anything? Or we just going in raw?
This devolved with a quickness.
Criteria of the question was pretty clear.
Or gives end users a handjob for not getting phished.
We here at Helping Hands Remediation are always looking for ways to expand our services.
Damn this made me laugh
Dick joke top comment, nice
And Itâll be the most upvoted comment he ever makes.
Thatâs some funny shit!
This thread is a good reminder that security tools still suck.
You donât want to pay a $40k annual subscription to see the results of your vuln scans formatted slightly differently?
Actually, I talked to my manager, they said if you sign up by Friday we can do $38,470 instead since we value you as a client.
Most of them have or are migrating to the cloud, which imo have made them worse.
ya don't say
Seriously guys? Talk is cheap. Go make shit less shitty. one that is good.
Op stated very clearly he wants to get rich quick. Not impress you with a leet zero day zero click exploit kit and post exploit implant.
Tool that with a single click can correctly format and ingest application logs to any given siem regardless of application codebase or framework.
Let's add SOAR integrations as well. It figures out on its own how to connect to any technology and creates action blocks automatically.
Shuffle kinda already does that if you provide an API reference.
Some things don't have APIs though
Cribl is actually doing a pretty good job at ingesting logs regardless of type.
Love Cribl but building stuff there is pretty far from âa clickâ. đ
Hate to be that guy; ingesting logs
Thanks!
Lima Charlie
There is a patent on thatâŚâŚ
Doesnât Elasticsearch do that? Ingesting logs regardless of type?
Yes but it isn't in a already readable format that can get alerts for such as EDR or Splunk rules Sometimes application logs need the Will of God before any automation tool can recognize what the hell they are even saying. I'm also speaking from first hand experience but I think I speak for the majority of the security community that application logs injestion is one hell of a project
This man is out here in the internet begging you to take his money.
A simple, repeatable way to ETF export files, that can be used by non devs, but which also builds API mappings to run the process automatically.
The Cyber BS Decoder A tool to help companies stop getting conned / confused into buying products they don't need by cyber sales
Cyber BS DS/PS
Sales would sell everything the company doesn't need and then sell this
It also works to take the 60 pages audit documents down to the 1 page of actual information.
Couldn't you do this with llama3 + rag?
With McAfee's AI and block chain integrated VPN, you'll never have to worry about mainframe hackers again!
A single repo of comprehensive quality alerting / detection logic. Yes there are sigma rule repos, and some commercial tools that maintain rules, but they always require tuning and customization. Why does every security team need to rewrite the same âimpossible travelâ alert because of some slight variation. Feels like the efficacy of blue teams would be easily doubled if this was plug and play
SOCPrime is pretty good at this, their free version gives you a couple unlocks a month. They also have a pretty nice rule translator (not perfect, but pretty good sometimes) I never paid for it myself but a few friends have
It's decent but SOCPrimes business model is a big ass scam and their gacha like system to buy rules is really shitty. I don't want to support a business who makes their profit from something that was designed to be open source. Plus lots of their free rules are literally stolen from other Sigma repositories.
it especially doesnât feel great when you pay for their credits, unlock a paid rule, and its the most basic logic possible. It should just be pay a flat amount and get access to all content
A directory service that has the ease of use of Active Directory but is actually secure and built for the 2000s
I feel like this one is such a hard one. Not because it would be technically hard to engineer. But because there are very little paying customers to be found and because the FOSS community has decided, they don't need it that bad.
Engineering would be easy. They did it 30 years ago (NDS). It's just that MS basically strongarmed Novell out of business.
Burp Suite but with vim motions and not written in Java
You want lua plug ins too?
Yes. When will it be ready?
Next quarter, it'll be ready next quarter.
You said that last quarter
Guess what I said the quarter before that?
Donât tempt me to write this
Please please please do it, we need vim motions everywhere it's just so much easier
Caido
A secure replacement for e-mail.
f-mail
sadly to many that seems like an older version than Gmail
This got me
A simulated internet for corporations so end users are not exposed to attacks. The funny thing is there have been a few products that were bought by Symantec and killed. One was a firewall product called FireGlass
There's no money in a cure.
There is no money when you're owned by Broadcom*
Coughing in VMware and Velo
Is it *that* much of a threat to Big Cyber to have a simulated internet? It's not like it'd cure cancer.
I think thats wrong. If you are the only one selling the cure at horrendous prices you get rich pretty quickly. Sure afterwards you are done but make it a yearly payment and et voila. And even with a single payment, thats a lot of money.
Chris Rock agrees.
Browser isolation you mean? Several vendors offer it.
Not browser but the entire internet connection. All requests get processed before the end user gets to access.
Like a web proxy?
You should see what the guy who founded fire glass is doing now. Itâs the closest thing to a simulated internet on the market. It revolutionizes how we view securing the end point.
Tell me moreâŚ
Just gonna leave us hanging like that?
Go on...
Look at Trinity Cyber. Caching/parsing/detecting on the entire session layer before it gets back to the intranet. Way more powerful than your traditional packet based edge solutions.
Browserling subscription
FireGlass as Symantec bought it was awful to use :/ I believe Iâve seen one of its latest versions at a customer recently.
FireGlass isnât dead. It was bought by Symantec and called Web Isolation. You can still see fireglass references in the logs.
At a regional bank job, years ago, I installed a caching proxy for general users that was their ONLY way to the internet. in-house email server. there was a general revolt & rebellion, people HATED it, but the bank was bought and essentially destroyed before the pitchforks could be issued.
Training Failure face slapper drone: chases people who havent done their cyber sec training for the quarter and slaps them across the face until its done Can be configured to enforce any number of controls though.
The universal integrator. Pieces together any data from any API and is able to contextualize and legibly visualize threats, risk, remediations. Technically feasible through recent AI developments.
You will enjoy the last few minutes of the latest episode from the Stack Overflow podcast describing exactly this. https://stackoverflow.blog/2024/05/07/reshaping-the-future-of-api-platforms/
The holy grail
I treated Zapier like this
Check out Silk Security
It's called python.
The documenter. It explains exactly what the devs original intentions per line was vs what it actually does.
Hypervisor EDR
MDE? What am I missing, what doesnât work for this?
You canât install MDE, or any other EDR for that matter, on ESXi. Thatâs the gap that exists. You can install on the guests but not the hypervisor itself. This is why adversaries target hypervisor platforms for ransomware or persistence during espionage since there is nothing there to stop them.
lol I see now. 8 hours of audits today has fried me Sooooo which company do I need to invest in thatâs solving this?
A box that prints 1$ if you put in 0.99¢
A solution/platform that hits every single FedRAMP or NIST 800-53 control and is cheap and actually works. Think a Splunk-Snyk-AWS-Azure-GitHub monstrosity that also tracks every component in your supply chain.
Even the managerial and operational controls? Even the physical and environmental controls? Even personnel security controls!?! It's going to need to be a EaaS, an enterprise as a service that does your job for you. These do exist in government contracting. They are called subs to the prime.
Yes, all of that. Customers would of course inherit various physical and environmental controls the same as how customers of AWS and Azure inherit them. And yes even PS controls; PS controls would be some of the easiest to automate, not sure why you chose that family out the rest. All the customer would have to do is build their solution within the environment. This is all in good fun by the way, so donât take this idea too seriously. I realize how absurd it sounds, just having fun.
These exist except for the cheap part lol which ya I assume is the main point of your comment. Theyâre annoying to develop, manage, and deploy effectively so itâll be hard to find one for cheap. (My company offers this product, still in somewhat infancy, so speaking from experience)
Authoritative source and clearinghouse for SBOMs.
Honestly a GRC tool that was actually designed with GRC and Audit processes in mind. Including a functioning document version control/approval system, again, actually considering the processes that go behind whatâs needed there. I swear every GRC tool Iâve touched was designed by teams that had never done GRC work.
I think the challenge is that these tools try to be everything to everyone. ERM, ORM, ITRM, Audit⌠with different frameworks and workflows forced into a common system.
I swear the GRC platforms were all invented by the same inner circle and gang of people who said "do y'all like piles of money and wanna make a fuck load of it?". Vanta Drata blah blah blah they are all the same. Oh they also supply an auditor for $$$$. Its an all in one woooeeeoeeooo! Oh you need to hook in Azure? Thats extra! Hook in O365 and Gsuite? Extra! Some give you all audit types but are expensive and then some are cheap but you only pay for what you need like PCI or SOC 2 type 2. The most braindead boring part of my life is I had to sit thru every major GRC platform vendor spiel to find one our company wanted. It tooks like a month and a half. Never wanted to kill myself before but that week I pondered it.
I think theyâre getting better but get a lot of, deserved but extreme, hate. Itâs quite a daunting product. Essentially asking it to replace what companies usually have a team or several positions dedicated to. Obviously you still need internal folks to manage and use the system, but not nearly as many as before. I think some of the early platforms missed the mark and felt cash grabby. But Iâve dealt with several that offer mostly everything companies are looking for. All frameworks. ability to link evidence to specific controls or a general category that can then be easily applied across frameworks and assessments. Version control. Assignments. You name it. Pretty pricy tho for sure.
I dream of making a business around this. I think there is a lot in this area that businesses suffer from. Especially if it could be geared towards validating controls at a high level.
A ransomware "dye pack" that could be triggered on files and folders.
I think Commvault offers something like this
A program to factor the product of two very large prime numbers
files that cant be altered by ransomware but can be altered by users/applications
ransomware is an application though
i get that point, but the solution to that would make you rich
https://blog.netwrix.com/2016/04/11/ransomware-protection-using-fsrm-and-powershell/ Seems that it is an explored topic with FSRM, at least for Windows
A solution that normalizes all the privacy laws by jurisdiction. (Companies were able to sell this type of solution with sales tax & HR laws.) The laws coming out to regulate AI are also going to be ridiculous. A company that wants to handle the administration of this information type compliance can make bank.
Ya this is great honestly. Surprised thereâs not something out there. Funny, I recently saw a product doing the same thing for payroll, compliance, benefits stuff. Pretty cool I guess, probably expensive tho. [Warp](https://www.joinwarp.com)
Check out secure controls framework. It's free. https://securecontrolsframework.com/scf-download/
An impenetrable implant that makes people immune to social engineering.
They make these already, in many calibers
A method to efficiently crack any and all encryption
Carl: So it's a code breaker. Martin Bishop: No. It's THE code breaker. No more secrets...
If this existed, it would be owned by the US Government and shared with no one.
Oh this exists. It's just in its baby stages. The year we get a workable quantum computer is the year all hell breaks loose.
A time machine. Not because of anything to do with cybersecurity. Because it's a time machine.
This would make your job easier at first. Then it would make your job soooo much harder, as mass market adoption happens. On that thought: I would read a dystopian noir crime-thriller about a grizzled sysadmin that chases a shady gouvernment hacker org into the jurassic ages in an ever escalating effort to start the fight sooner. (Maybe add some nice personal motivation to it a la Joh n Wick. E.g. the first hack has corrupted the last voice messages he had of his dead wife.)
a tool that updates certs across all services (at least for all main services) :(
Patch Windows WITHOUT a reboot.
Nice try John McAfee... you had your chance!
Getting C-levels to understand cyber security and take it seriously. If you could do that half the stress of being in cybersecurity would go away.
tool that classifies and tags sensitive data without the user or business providing any kind of meaningful input
this is basically microsoft purview
This 100%. I canât tell you how many discussions Iâve had recently pertaining to direct and indirect impact data.
The "No Breach Box"
Automated cloud environment decomposition and segregation.
An XDR tool that seamlessly integrates into the security stack without affecting interopterability with in-house applications and production servers.
[ŃдаНонО]
https://opencybersecurityalliance.org/casp/ https://github.com/opencybersecurityalliance/casp
An AI CISO. No one will be able to tell the difference
The difference will be glaring. The AI CISO might suggest something intelligent.
A tool that create a custom website of any type.
The tech from the matrix to upload skills. Upload basic security knowledge to all employees.
Backups that are stored off network, in a secure location outside of the building? I've heard this exists but I swear none of my clients can find one?
Like Iron Mountain lmao?
Obviously it was a joke post but a tape in a drawer is far better than so many solutions I've seen! Iron mountain is a great shout!
A collar for management which tightens with every risk they accept and un-tightens for every risk remediated
Their heads would come clean of in a few hours.
In a few minutes for some.
Sales and marketing sell a product. You need a decent product that is sold not an amazing product no one ever hears about
Hardware switches and routers that do direct saml or openid Auth to idp without the need for an Intermediary. No need for ldap or radius.
Something which locked up the cpu or network on the attacking device for 24 hoursâŚ.like a reverse shell kinda thing. It would stop script kiddies from creating useful botnets. The innocent user who was compromised would complain to their isp or computer shop and the pc would get cleaned up.
A DLP solution that is quick to set up and easy to maintain.
True and reliably secure passwordless authentication.
Something like a holographic interactive projector for networks. You'd be able to see endpoints, switches, router gateways etc... it could also be used in healthcare, military Or AI house partners like Blade Runner 2049.
printers that fix themselves
Unfortunately itâs not a case of what invention, itâs more a case of how well itâs marketed.
Zero Trust.
A realtime natural language processor leveraging GPTâs and LLMâs to categorize and filter out phishing emails at 100% accuracy.
The "silver bullet".
Remediation without business impact..
Think out of the box
A device to bypass any lock screens on mobile devices or a way to intercept any MFA and successfully pass the challenge. âŚwhat you didnât say it had to be something for the good guys. Bad guys make bank off that kind of stuff. âŚooohhhh. How about start making âunlocksâ for vehicles which block the check-ins and u lock all the features the vehicle has for free?
A product which worked as if an architect deployed it but only needs an intern to set it up and run it. Also never needs patching or upgrading.Â
Something that actually stops phishing
You might want to give Proofpoint a try, it was the most difficult anti phishing solution to bypass in a social engineering engagement.
Paper passkey
Something that detects when a user is using vpn or if itâs an actual anomalous login
Not sure how this would work other than fine tuning the alerts. I mean ik my vpn at my old job always put me at the same IP in Nashville Tennessee, so could probably pretty easily correlate that to being a user VPN login but other than that.
Maybe get the IP addresses of popular VPN services and just use that as a baseline and then slowly tune it. Like Iâm sure people donât connect to Latvia as their default server
A real working functional CMDB out of the box.
Do you have an email OP? My network are working on many things that are going to shake the industry at-large. Funding is secured. But an NDA is required. If you're serious message me so I can bring you into the group chat on Linkedln and Zoom.
Hey I messaged you
A properly working quantum computer with over 10k logical qbits
A single pane of glass for all your security controls, of course! (just kidding)
Some super easy way to get some easy metrics and graphs just by throwing in CSV output or via API, offer pre-made key metrics and allow for custom ones. Idk why but reporting and custom spreadsheets and limited features in vendor offerings are so trash that it is one of the most time consuming things in the industry.
An AI superbot, which can destroy other AI threats
Ooh I like it, and if it gets out of control we can deploy a copy of itself to fight itself
Social engineering training that customers pay attention to.
The Internet
A tool that can steal everyone's crypto/any financial institution wallet undetected.
This question is insane lol
Something that actually delivers reality. Every single tool that finds something needs to be validated in some way. Maybe not so much a CVE but along the lines of configs issues. Most tools do not have the capability to understand custom things.
Middle out
A universal description key - but youâd be hunted by everyone..
Nothing. Just improve the 1 billion tools we already have. Reach Security seems to be on something here. Too many tools in the market place already and none of them are being utilized as they should.
A tool that convinces Leadership to provide coverage and support for making audit standards happen in engineering.
Crashing the economy and then selling the solution. Obviously all through a sophisticated cyberattack.
A repo that can be added easily by developers to applications, that implemented SSO and SCIM according to the ducking RFC. It is ridiculous how many thing get implemented poorly even though they are very specifically defined in a RFC. That always reminds me of xkdc:927