@sjvn Apropos to the use of MITRE ATT&CK to share breach info... https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html

@sjvn That's too bad. I thought ATT&CK was published for the common good and they were interested in getting feedback on things to add. I didn't perceive it so much as an instrument of US Policy. (I'm now hearing a Fleetwood Mac song in my mind. "You can go your own way...")

PSA for all the VARs and consultancies out there. When submitting an RFP response or a proposal, please make sure the grammar is right. It's distracting if it's wrong. Also, if you're re-using a proposal from another customer, please remove references to the other customer.

@Autumn Have you made time for Jesus?😂

@sjvn Why did they create a new framework instead of working with MITRE to build ATT&CK? Lots of vendors and their customers are already using it.

#hack100days Day85: Banged on academy.htb. Wordlists matter. Grr. #infosec #cososec

#hack100days Day84: Poked at a box on another platform. Looks like BlueKeep is the way in, but metasploit module is for x64 and the target is x86. Found a PoC for x86, but I'm fighting python module dependencies. I need to get better at venv, I guess. Then the clock ran out, so I can't pick at it until tomorrow. #infosec #cososec

@th3j35t3r Couple of things stood out. 1) What's that accent? and 2) Says FBI shouldn't be weaponized, but should look at Hunter's laptop. #butheremails

#hack100days Day83.1 Update: Finished 2nd box. Reset box and switched to meterpreter shell instead of trying to use command shell. Worked great. #infosec #cososec

#hack100days Day83: Hands on keyboard today! Worked on a pair of TryHackMe boxes. One down pretty quickly. Some progress on the second. Using msfconsole and msfvenom on that one. Issue w/getting handler and payload to match. Don't use it a whole lot, so more googling than I like. #infosec #cososec

#hack100days Day82: Read ch 4 of _Web Application Hacker’s Handbook_. #infosec #cososec #enumallthethings

#hack100days Day81: Started Practical Web Application Security and Testing class from mttaggart #infosec #cososec

#hack100days Day80: Read ch 3 of _Web Application Hacker’s Handbook_. #infosec #cososec (fixed unfortunate typo)

#hack100days Day 79: Didn’t make time to get hands on keyboard today. Started _Web Application Hacker's Handbook_ and got through first two chapters. While it’s 11 years old, still seems pretty relevant. #infosec #cososec #authn #authz #inputvalidation

@LiberalLibrarian Cuck Stan Fronke!

Up the Cherries!

#hack100days Day78: Went along with the Alh4zr3d stream on a PG Play box. Rated as hard. Got a bead on the foothold. Slowing down to make some notes. Make brain wrinkles and have something to come back to in the future--tags, MF! #infosec #cososec #tags #sqli #weakasspasswords

#hack100days Day77: I finished last night's target on Offsec PG Practice. Started in on a new one today. Bluekeep is a spooky vuln. Should be done w/that one soon. #infosec #cososec #patchyoshit

@asmitty Pryor, Murphy, Chappelle, Rock, and I have to give Cedric some love since he's from 'round these parts. I like Sykes, too, and I've heard some Red Foxx from before his show--so I reckon I should give them honorable mentions.

#hack100days Day76: Listened in on a couple of twitch streams by Alh4zr3d and mmtaggart. Poked at a Winderz box on offsec proving grounds. #infosec #cososec #alwaysbeenumerating