@KillrBunn3 Nothing ventured nothing gained. In meat-space I think it's easier to make the connection between the Red Cross, the vehicle or building it's on, and a person. I suspect assholes are going to asshole in cyber-space.
@__p__e__t__e__ Indeed. I've got an older Intel NUC I've put to work hosting them. I've got another to bring back up on line and then I plan to look harder at k8s. Wonder what kind of stuff I can learn w/DVWA or JuiceShop on top of Kubegoat. There's _always_ something to learn! (I need to start looking for deliberately vuln IdP. See what that looks like.)
Eric Clapton and Jeff Beck at Ronnie Scott's...never knew Beck could play slide...wow...
https://www.youtube.com/watch?v=D9BUXsa55hg&list=RDD9BUXsa55hg&start_radio=1
@__p__e__t__e__ So far, so good. Some stuff I've seen before. I really appreciate the labs. Between this and 'Hacking APIs', by Corey Ball, I've had to get more familiar and more comfortable with Docker. That's been useful. I'm looking forward to the capstone. Gotta find an app (off vulnhub, for example), hack it, and write a report. Little primer before going after the OSWE, I reckon.
#hack100days : Day2 : Tuned in to @Alh4zr3d@twitter's twitch (https://www.twitch.tv/alh4zr3d). He streamed pwning the #hackthebox Tricky box. Watched @mttaggart's _Practical Webapp Security and Testing_ (https://academy.tcm-sec.com) (henceforth, PWST), sections 4-6 and 4-7. Need to spend some more time on 4-7 and the javascript trickiness. #htb #infosec #CoSoSec
#hack100days : Day 1: Picked back up "Practical Webapp Security and Testing" by @mttaggart. Knocked out section 4-5, which is about sqli. Played around with ZAP Active Scan, tried out some different files for fuzzing and detecting sqli--fuzzdb, SecLists, and one I compiled from a couple of books. Will continue tinkering with manually enumerating the db before bed. Maybe see about getting mysql/mariadb table enum into my home-grown list. #infosec #CoSoSec
Earlier this year I did a #hack100days run. I got it done after a couple of stumbles and during that time I got a new gig as a #redteamer. Also managed to start a course, but not finish. Plus, with #mastodon being a new shiny, I need to refocus. Time for another run. Stay tuned... #infosec #CoSoSec
Testing a script. #XpostCoSo #XpostInfosecExchange #disregard
Oi! #redteamers! For inside services, do you carry out any password spray attack exercises? #redteaming #redteam #cososec
This ear worm has been rattling around my bald head all day. Your turn: https://youtu.be/iywaBOMvYLI
#cosomusic #soad
@samantha_79 Sounds interesting. Hot, as in spiced up w/chilis? Sausage links or loose?
@Blueway There is an app for iOS and Android. (There's not one for ipadOS, though...)
Are you noticing some slowness? That's to be expected. We've become kinda popular lately, but don't worry. It usually subsides very quickly. #CoSoTips
From infosec.exchange: https://infosec.exchange/@guamwatt/109258355030128344 Dan Miessler is pretty smart. If you don't have a handle on your assets, you aren't protecting anything. You're practicing 'faith-based security' and 'faith-based systems administration' #cososec
Mastodon is also growing: https://bitcoinhackers.org/@mastodonusercount/109258290630997565
@Beerguy Crazy talk! I just throw 'em into the fridge, still in the bag. ...but then again, that's not a bad idea. My lettuce mix didn't do well, this past week.
Got back onto infosec.exchange Mastodon channel. When seeing all the feeds, I see quite a few German posts. Anyone know if there’s a ‘simple’ German channel for n00bs learning German? #lerneDeutsch #deutsch
Muddling through.