
Day37-ish: Feroxbuster was hung. Killed it off, pulled the state file and output log back for additional analysis. Face-to-face discussions with a netsec vendor about netflow analysis, which dovetailed with the risky.biz podcast I listened to today. They talked w/Gigamon on the same topic.


Day36: Tried out feroxbuster. Seems like it's hung, so I'll give it some more time. Took another look at the code repository's search function to see if I could find more 'stuff'. No joy there. Need to read some more. Might be time to look at another host in the VDP.

Day35: Scan is done and the results are thin. I did feed it too much, but the results suggest I may have misused the tool. Shrinking the target and trying another tool. Some of the URLs in the spider results have queries, so checking for SQLi test candidates. ZAP continues trying to choke down the analysis of the spidering.
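The Day35 post mentions pulling URLs with query strings out of spider output as SQLi test candidates. The script below is an added example, not the author's own tooling: it takes a constructed list of spidered URLs (the `example.test` host and paths are made up), keeps one representative URL per (host, path, parameter-name set) so the same endpoint is not tested repeatedly, and generates one probe variant per parameter with a single quote appended to that parameter's value only. The probe payload is a minimal assumption for illustration; a real test would use the program's allowed payloads and stay in scope.

```python
from urllib.parse import urlparse, urlunparse, parse_qsl, urlencode

# Constructed sample of spider output, one URL per line (not real ZAP data).
SPIDER_URLS = """
https://example.test/
https://example.test/blog/?p=12
https://example.test/blog/?p=15&cat=news
https://example.test/search?q=test
https://example.test/static/app.js
https://example.test/search?q=other
https://example.test/item?id=7&sort=asc
https://example.test/item?id=7&sort=asc
"""


def injection_candidates(urls: str) -> list[str]:
    """Return one URL per distinct (host, path, parameter-name set).

    URLs without a query string are skipped; URLs that differ only in
    parameter values (e.g. ?q=test vs ?q=other) collapse to the first seen,
    since they exercise the same server-side handling.
    """
    seen: dict[tuple, str] = {}
    for line in urls.splitlines():
        url = line.strip()
        if not url or "?" not in url:
            continue
        parts = urlparse(url)
        params = parse_qsl(parts.query, keep_blank_values=True)
        if not params:
            continue
        signature = (parts.netloc, parts.path, tuple(sorted(name for name, _ in params)))
        seen.setdefault(signature, url)
    return list(seen.values())


def probe_variants(url: str, payload: str = "'") -> list[str]:
    """Build one probe URL per parameter, mutating only that parameter's value.

    Appending a lone single quote is a classic first SQLi check: a server-side
    error or behavioural change on exactly one variant points at the parameter
    worth examining further. The payload is URL-encoded by urlencode().
    """
    parts = urlparse(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    variants = []
    for i in range(len(params)):
        mutated = [
            (name, value + payload if j == i else value)
            for j, (name, value) in enumerate(params)
        ]
        variants.append(urlunparse(parts._replace(query=urlencode(mutated))))
    return variants


if __name__ == "__main__":
    for candidate in injection_candidates(SPIDER_URLS):
        print(candidate)
        for variant in probe_variants(candidate):
            print("   ", variant)
```

Feed it the URL export from the spider (one URL per line) and review the candidate list before sending anything; the dedup by parameter-name set is what keeps a WordPress site with thousands of `?p=` links from turning into thousands of near-identical requests, which is also what gets an IP banned.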

Got progressive lenses today. Close up to computer screen is making me a little woozy. Getting old is bullshit.

Day34 (1/3rd of the way!): A scan is still going, but its NAT is likely sinkholed. Will wait until the scan is done to confirm. Spider results from ZAP are still getting chewed on. So, in the meantime, read ahead on _Bug Bounty Bootcamp_.

@sjvn Interesting. Don't love the AI slapped onto it.

@loboholic User error or "please do my work for me, it's hard"?

Day33: More enum. Found a new TLD to chew on. Started poking at an apparent code repository, but it's pretty thin. Need to do some reading on the product. Another host is H U G E, relatively speaking, and is running WordPress. Managed to get my IP baninated spidering the site. Getting acquainted with axiom now.

@asmitty It's like the Dems and Rs swapped part of their brains. I'd like to see a third and fourth party come along to break the duopoly.

@asmitty ...and the party instrumental in ending slavery has decided to careen into fascism.

Day32: More enumeration of VDP scope. A host/subdomain I initially picked off looks to be an orphaned DNS name. Will keep an eye out for calls to it from other assets. Maybe the GLB/WAF is looking for something "magical". Found a doc spelling out a policy that may help.

Watched ep. 2 of Ms. Marvel. Enjoyed it. Disappointed I have to wait for the next episode. OTOH, I won't be binging until the wee hours.

@grannyclear I reckon the goal, at a minimum, was intimidation.

Day31: Diving back into _Bug Bounty Bootcamp_ by Vickie Li (@vickieli7/twitter). Skimmed/refreshed chapters 1-4. Slowed down on chapter 5 and started blindly applying examples to the VDP I picked last night. Finding hosts and subdomains.

Day30: Finished _Hacking APIs_ last night. Will review and finish labs tomorrow. Spent a couple of hours looking at a VDP/Bug Bounty program with a really big scope. Started nailing down and documenting some of the detailed scope—DNS domains, net blocks, websites, etc.


ath0
