#hack100days Day62: Okay, I lied. Not HtB. Looked at an Offensive Security Proving Grounds-Playground box. Watched a live walk-through on the box. Also watched an Ippsec video re: LFI. #infosec #cososec
#hack100days Day61: Finished _Bug Bounty Bootcamp_, skipped chapter 23 and read chapters 24 & 25. Tomorrow, back to #htb. #infosec #cososec
#hack100days Day 60: Read chapter 22 of _Bug Bounty Bootcamp_. #infosec #cososec
I really wish that large leftist accounts would focus more on productive countermeasures and less on mouth-foaming outrage.
Vilifying Mitch McConnell is wasted effort that plays into GOP mechanations, and using that platform to drive turnout and support for Democrat Senate candidates would go a lot further towards making the evil turtleman irrelevant. #politics
@Xponent @th3j35t3r Is 5.56 “over-sized” for hunting deer or boar? I’m not a hunter, so I don’t know. I’ve been calling my congress critter to ban 30-round magazines. Want to use a 5.56 to hunt deer or boar, go ahead—here’s your 3-round magazine. (Call your congress critters! Here are scripts and contact info: https://5calls.org/)
#hack100days Day59: Turns out I read chapter 20 yesterday and chapter 21 tonight. Duh. Saw a walk through yesterday that leveraged looking for .git on a web page. I haven’t done an analysis on that kind of information disclosure vuln, but I reckon it’s rare but damaging. Tomorrow, we read code. #infosec #cososec
@JMHardin Only if you have a copy of the playlist beforehand, "Never Gonna Give You Up" isn't on it, and he does, in fact, play "Never Gonna Give you Up". Would probably still be a pretty good show.
#hack100days Day58: Read chapter 21 in _Bug Bounty Bootcamp_. Dangling CNAME is bad, m'kay? A deeper dive on sign-sign-on exploits is really going to be needed for effectiveness. #infosec #cososec
#hack100days Day57: watched a live stream, Alh4zr3d breaks two k8s challenges on try hack me #infosec #cososec
#hack100days Day56: More cracking at trick.htb. Found a thing on an entry point, but I'm stuck turning it into something more useful. Tantalizing config on entry point two, but it isn't giving me any goods. #infosec #cososec #hackthebox #tryharder
#hack100days Day55: More banging on trick.htb. Found a new potential entry point. Took a while to figure out how to find it, but didn't get terribly far on it before I had to pack it in. #infosec #cososec #hackthebox
#hack100days Day54: Read another chapter, chapter 19, of _Bug Bounty Bootcamp_. #infosec #cososec
#hack100days Day53: Got creds from yesterday's scans. Explored the app, looking for escalation vector. Found limited LFI, so progress! #infosec #cososec #hackthebox
Nick Kyrgios' problem space with tennis is between his ears. Such talent. Rooting for him to get his attitude right. He'd be so great for the game if he could quit being such a boor. #wimbledon
#hack100days Day52.1: Went to the forums for some hints. Revisited a service I thought was a dead end. Double-checked syntax and tried another potential configurable. Boom. Found another entry point. Now I'm starting to get some progress. ...and I'm leaving to go to a concert soon. Gotta unplug for a bit, every now and again! #infosec #cososec #floydcoverband
Muddling through.