Show more

@Apocryphiliac "I'm Batman because I'm going on the road now and I don't think we can do it again tomorrow."

Day4b: Testing payloads. Trying to figure out if I’m overthinking it. Tokens matter.

Day 3b: More reading about , still need to find right payload. Found an article that walks through a process to find a way to the OS module.

Day 2b: Kept at the machine. Working out a good payload. Interesting injection point. Also reworking note taking process. Still slow.

@fireflysghost The trend doesn't look good, I don't agree that losing 157 people out of over 300,000 counts a being on the brink of collapse. You don't want to lose anyone, especially for stuff that could be prevented.

Day 1b: Dropped the ball yesterday, busy day. Cyber Apocalypse is done. Working on a machine today. New day, new chain.

Day9: Continued Cyber Apocalypse . Moved to a new challenge. Enumerated site, but not finding entry point. Spent good part of day working on groking MSFT Defender for Cloud Apps.

Day8: Continued Cyber Apocalypse CTF. Getting *way* more acquainted w/JavaScript. I've got an XSS, but I'm still working out weaponization. Still no additional points, but the day ain't done yet.

ath0 boosted

Day7: Continued banging on Cyber Apocalypse CTF '22. Finally "really" on the board with a solved web challenge. Downloaded the code for a bunch of other challenges, so it's time to practice code analysis.

Day6: The new chain is longer than the old chain! Started Cyber Apocalypse CTF 2022 this morning and worked on it for a couple of hours. Got the 'intro' flag. Worked on two of the challenges, but haven't gotten anywhere--oof. Slight blow to psyche. Good weather today, so worked on container gardening. Now that dinner is done and have whisky on the side table, getting back at it.

ath0 boosted

Osprey swoops down and expertly scoops up a fish on the River Spey in the Scottish Cairngorms
Wildlife photographer" Bill Doherty

Day5a: Continued , but haven't gotten much further. Watched Hack the Box's "Hands on Hacking" live-stream that's setting up Cyber Apocalypse CTF 2022, which starts tomorrow. Keep an eye on HtB's youtube channel, they'll be posting the videos. The ippsec interview was good and Sheeraz gave a good overview of K8s, which I found helpful. (One more meeting and then I can focus on the auth bypass sqli...)

@ErFlynnArt @lilc The variants don't seem to be a impactful as they were either. My MiL came down with it last week and the impact was like regular flu--shots & boosted. My FiL came down with it the other day--no shots, he's pretty ill--but impact wasn't very severe at all. (If he'd gotten the first variant, I think it'd be a different story.) Natch, YMMV based on your sitch.

Day4a: Continued . Poked at login page and got an interesting error. Still tinkering with that between meetings. There's an auth bypass here, I can *smell* it. Also had some vigorous discussion on what Domain Isolation" is and isn't.

Day3a: Continued . Solved an image forensics channel. Wrote some scripts to reap user account data and to reap all the images. Read part one of a three part blog on bulbs found in a CDN provider network. CDN Provider had their side published, as well.

Day2a: Continued . Solved crypto challenge and found hidden end point. Sqlmap continues chewing on user table. Used an idor and a script to enumerate all the users.

Day1a: New Chain. (Oof.) Today, started a multi-day by cmd+ctrl. Currently at 1570 points. Found a couple of pages susceptible to , which led to and sensitive data disclosure. Solved an encryption challenge and found a "published" DOS bug. Currently banging on an . ;)

@anamuk Ouch. Usually the running out of inodes is rare, so it's easy to miss.

Show more

ath0

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.