ath0 boosted

Day11: Continued working on Hacking APIs. Next up is working on the labs. Created a Postman account.

The Rafa and Felix match is pretty damn fun to watch.

Day10: New chain, longer than the old chain! Read more of Hacking APIs, by Corey Ball. Looking forward to learning more about GraphQL—want to understand the AuthZ patterns and techniques. Also learned about Broken Object Level Authorization (BOLA). The examples look a lot like IDOR, but I think I grok the diff. You can have an IDOR that’s not a BOLA, but I reckon you could get a BOLA as a result of an IDOR. Still need to think and tinker with this one a bit.

ath0 boosted

If guns aren't the problem and people are the problem, why do you want the problem to have a gun?

Day9b: Decided "hacking" myself counts today. Started using LYT (linkingyourthinking.com) note-taking. Moved a bunch of notes from old program to the new.

Day8b: Power went out for a couple of hours today. So, went analogue and read two chapters of Hacking APIs by Corey J. Ball (nostarch.com/hacking-apis)

Day7b: Read the Verizon DBIR. Interesting graphs in there. Nothing really new under the sun. Which isn't a bad thing.

ath0 boosted

If you are upset about what happened in Texas, please for the love of all our children, TELL YOUR STATE'S CONGRESS PEOPLE.
via phone
D.C. Switchboard (202) 224-3121
Help with calling
www.5calls.org
Via text
resistbot.io
or text RESIST to 50409

Campaign finance idea--Campaigns are only permitted to be financed or accept donations from constituents in the district the campaign is gunning to represent.

Day6b: Hack the Box Academy. I like the UI for Burp, but I like not having to pay to get the goodness that ZAP brings. Also took a minute to break the rust off for using Metasploit. Can't remember the last time I looked at that.

Day4b: Testing payloads. Trying to figure out if I’m overthinking it. Tokens matter.

Day 3b: More reading about , still need to find right payload. Found an article that walks through a process to find a way to the OS module.

Day 2b: Kept at the machine. Working out a good payload. Interesting injection point. Also reworking note taking process. Still slow.

Day 1b: Dropped the ball yesterday, busy day. Cyber Apocalypse is done. Working on a machine today. New day, new chain.

Day9: Continued Cyber Apocalypse. Moved to a new challenge. Enumerated site, but not finding entry point. Spent good part of day working on grokking MSFT Defender for Cloud Apps.

Day8: Continued Cyber Apocalypse CTF. Getting *way* more acquainted w/JavaScript. I've got an XSS, but I'm still working out weaponization. Still no additional points, but the day ain't done yet.


ath0
