
Day19: Tested the other deliberately vulnerable apps I had issues with on the new version of docker. All good! Wrote a wrapper script to start/stop the apps as needed. (They're supposed to be cows, not pets ya?) Chapters 7 & 8 read of _Hacking APIs_.

Congress critters are pretending to do stuff re: gun violence in schools. Exhibit A: congress.gov/117/bills/hr1567/ and Exhibit B: congress.gov/117/bills/hr750/B The first bill seems unnecessary, if someone has a permit to carry a concealed weapon then they can carry the weapon. The second is redundant: schoolsafety.gov/

Call your congress critter now: 5calls.org/issue/gun-safety-re

Day18: Finally managed to get crAPI working. Needed to move from docker 20.10.14 to 20.10.16, because of course. (I am not enamored of docker.) Finished the first crAPI lab.

@Csurvivor9 Nice! How long? What temp? What's the rub?

Vamos Rafa!
(Holy Moses he *owns* Roland Garros)

Day 17: Lab in _Hacking APIs_ wants working version of crAPI. Getting crAPI turned out to be fail. Nuked, paved, and re-started that effort. Same result. Documented steps and results. Opened an issue. Got a quick response for additional info, so we'll see how this goes. In retrospect, I should have anticipated the question.

@willc Thanks for the tip on @shehackspurple. I'll revisit this thread once I'm done with the book... ...unless it's needed for a future lab in the book.

@willc Yeah, I think the issue is that the docker config file is referencing a node image that isn't available. It looks like the process falls through to grab an alpine image instead, which is missing some things the rest of the process is assuming are there. I stopped analyzing further lest this turn into a squirrel chase. It would be a good exercise to get more proficient at docker. But, not yet.

@willc So far, so good. I'm through chapter six, not quite half-way and I've been happy with it. Only gripe is his inclusion of Pixi as a lab app. Its base image doesn't appear to be available any more, so it won't install. I'm not strong enough with Docker and all its ancillary 'stuff' to fix that. Otherwise, I like the level he started with and the organization. If the beginning is stuff you already know, you can easily skip ahead.

Day16: Continuing reading _Hacking APIs_. Installed OWASP crAPI app on lab machine. Getting some touches with docker. Need to troubleshoot an error w/one of the crAPI containers. Then, time to hack it!

Day15: Back to _Hacking APIs_. Got Juice Shop installed and tucked behind an nginx reverse proxy, along with DVGA. Now have some systems to put on my list of targets. Next chapter down.

Day14: SANS ICS Summit CTF. I'm on the board! Nowhere near top 10, but I'm not sussed since I'm learning more about ICS this way.

Day13: The chain continues... Another chapter down in _Hacking APIs_. Installing deliberately vulnerable apps for the next lab and will bang on them later this evening. In the meantime, kidlet has prepared dinner.

I called my congress critters again this week. The topic: 5calls.org/issue/gun-safety-re

In particular, I asked them to close the loopholes around background checks when buying at a gun show or in a private transaction. I also picked on high-capacity magazines. I don't have an issue with hunting, but 30 round magazines are for hunting people not deer, etc.

Yes, it's political.

Day12: Worked on _Hacking APIs_, Lab 1. Didn't use Burp Suite, used ZAP instead. Compared and contrasted with Postman. Slow going at first as I get acquainted with Postman.

ath0 boosted

@Silea @JailTheTrumps Maybe so. I certainly hope they wait until after the Trumplicans get split off from the centrist Rs. If they split beforehand, then I guess the hope would be that the Centrist Dems can pull in enough Rs that we bury the neo-fascists and put the brakes on the “progressives”—I’d rather slow *incremental* changes, but that’s me.

@FreedomATX Wonder if there’s an avenue for DOS or RCE in that firewall.


ath0
