#hack100days Day7: Continued banging on Cyber Apocalypse CTF '22. Finally "really" on the board with a solved web challenge. Downloaded the code for a bunch of other challenges, so it's time to practice code analysis. #infosec #cososec #ctf

#hack100days Day6: The new chain is longer than the old chain! Started Cyber Apocalypse CTF 2022 this morning and worked on it for a couple of hours. Got the 'intro' flag. Worked on two of the challenges, but haven't gotten anywhere--oof. Slight blow to psyche. Good weather today, so worked on container gardening. Now that dinner is done and have whisky on the side table, getting back at it. #infosec #cososec

#hack100days Day5a: Continued #ctf, but haven't gotten much further. Watched Hack the Box's "Hands on Hacking" live-stream that's setting up Cyber Apocalypse CTF 2022, which starts tomorrow. Keep an eye on HtB's youtube channel, they'll be posting the videos. The ippsec interview was good and Sheeraz gave a good overview of K8s, which I found helpful. #infosec #cososec (One more meeting and then I can focus on the auth bypass sqli...)

#hack100days Day4a: Continued #ctf. Poked at login page and got an interesting error. Still tinkering with that between meetings. There's an auth bypass here, I can *smell* it. Also had some vigorous discussion on what Domain Isolation" is and isn't. #infosec #cososec

#hack100days Day3a: Continued #ctf. Solved an image forensics channel. Wrote some scripts to reap user account data and to reap all the images. Read part one of a three part blog on bulbs found in a CDN provider network. CDN Provider had their side published, as well. #infosec #cososec

#hack100days Day2a: Continued #ctf. Solved crypto challenge and found hidden end point. Sqlmap continues chewing on user table. Used an idor and a script to enumerate all the users. #infosec #cososec

#hack100days Day1a: New Chain. (Oof.) Today, started a multi-day #ctf by cmd+ctrl. Currently at 1570 points. Found a couple of pages susceptible to #idor, which led to #authbypass and sensitive data disclosure. Solved an encryption challenge and found a "published" DOS bug. Currently banging on an #sqli. #infosec #hashtag ;)

#hack100days I fell down and broke the chain. Watched Nahamsec's Live Recon Sundays session today with Stök and JHaddix where they interviewed @lilc. That was fun and a good reminder to get back at it. Got run some errands and then back at it tonight. #infosec

#hack100days Day 6: Virtually attended SANS CloudSecNext Summit, day 2. Some good presos. Site capturing all the links: https://start.me/p/7krAd2/sans-cloudsecnext-2022 Today's keynote was good. Emerging Threats Against Cloud Application Identities... was a good press by Basseri and Bercik. Found a pointer to http://kubebyexample.com, so off to that site to get basics down before re-trying Kubernetes Goat #infosec

Link to Sounil Yu's slides: https://sansorg.egnyte.com/dl/UdfWs2kXbO

#hack100days Day 5: Virtually attended SANS CloudSecNext Summit. Really good Keynote by Sounil Yu (https://youtu.be/mEGqC1tuO4E). Also saw a preso on K8 security by Jay Beale.

#hack100days Day 4: Installed k8s on Ubuntu lab box. Downloaded Kubernetes Goat (https://madhuakula.com/kubernetes-goat) to install later tonight or tomorrow. I wish to grok the networking better. #k8 #infosec

#hack100days Day 3: Reviewed shub's (@infosec_au@twitter) slides (https://drive.google.com/file/d/14OFU-B2CqnrNlMX9jis1ApRIAOlJNfbW/view) from NahamCon 2022 re: Finding 0days in Enterprise Software. I did not know Lotus Domino was still a thing. #ssrf #infosec

#hack100days Day 2: Listened to @jhaddix@twitter talk about his #bugbounty methodology at NahamCon. Lot of good tools and some advice on things to pay attention to during enumeration. Need to re-watch and take notes--play with some tools. (Also was up to wee hours this a.m. working NahamCon ctf) #infosec

#hack100days Day 1: Enumerate targets in a web application CTF. Explore potential sqli points. Look at SSTI for Werkzeug. Look at SSRF candidate. (dafuq is a gunicorn?)

Making a run at 100 days of hacking. Not setting a super high bar. Minimum, critically read a security article and take notes. Max, hands on keyboard and write/edit a script, hack on a ctf or lab box, work on a hacking workflow. #hack100days

I'm using #pihole to 86 ads, which makes counter.social sad and warn me stuff isn't going to work. Anyone take a crack at making CS unsad? I looked at the logs and don't see anything getting blocked. #dnssinkhole #adblocker

Looking for all the #infosec #cybersec and #bugbounty peeps. Hope to see more of the folks I follow on other platforms make it over here. Uffda!