#hack100days : Day4 : A good chunk of time in #htb Release Arena. Banged on Flight, a hard Windows box. I've gotten user with some nudges from a Discord group I worked with. Still working on root. Been a while since taking a crack at a Windows box. #infosec #getsmart #cososec
Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics
One of the most troubling manifestations of the trend is the increasing use among nation-state actors of zero-day vulnerability exploits in their attack chain. Microsoft's research showed that just between January and June of this year, patches were released for 41 zero-day vulnerabilities between July 2021 and June 2022.
https://www.darkreading.com/attacks-breaches/microsoft-zero-day-nation-state-groups-tactics
#hack100days : Day3 : More time working on PWST, sections 4-8 through 4-13. Videos were short, so don't too excited. There a 'more practice' video left in section 4, so plan is to spend some time on that tomorrow. #infosec #getsmart #cososec
I've been keeping my Twitter account to protect my handle. And lurking. Also to keep lurking until the main folks I like to follow have moved. It keeps changing my setting from 'Latest Tweets' to 'Top Tweets'. What shit-housery. #twitterisdying
Eric Clapton and Jeff Beck at Ronnie Scott's...never knew beck could play slide...wow...
https://www.youtube.com/watch?v=D9BUXsa55hg&list=RDD9BUXsa55hg&start_radio=1
#hack100days : Day2 : Tuned in to @Alh4zr3d@twitter's twitch (https://www.twitch.tv/alh4zr3d). He streamed pwning the #hackthebox Tricky box. Watched @mttaggart's _Practical Webapp Security and Testing_ (https://academy.tcm-sec.com) (henceforth, PWST), sections 4-6 and 4-7. Need to spend some more time on 4-7 and the javascript trickiness. #htb #infosec #CoSoSec
#hack100days : Day 1: Picked back up "Practical Webapp Security and Testing" by @[email protected]. Knocked out section 4-5, which is about sqli. Played around with ZAP Active Scan, tried out some different files for fuzzing and detecting sqli--fuzzdb, SecLists, and one I compiled from a couple of books. Will continue tinkering with manually enumerating the db before bed. Maybe see about getting mysql/mariadb table enum into my home-grown list. #infosec #CoSoSec
Earlier this year I did a #hack100days run. I got it done after a couple of stumbles and during that time I got a new gig as a #redteamer. Also managed to start a course, but not finish. Plus, with #mastodon being a new shiny, I need to refocus. Time for another run. Stay tuned... #infosec #CoSoSec
Testing a script. #XpostCoSo #XpostInfosecExchange #disregard
Oi! #redteamers! For inside services, do you carry out any password spray attack exercises? #redteaming #redteam #cososec
This ear worm has been rattling around my bald head all day. Your turn: https://youtu.be/iywaBOMvYLI
#cosomusic #soad
Oi! #redteamers! For inside services, do you carry out any password spray attack exercises? #redteaming #redteam #cososec
Are you noticing some slowness? That's to be expected. We've become kinda popular lately, but don't worry. It usually subsides very quickly. #CoSoTips
From infosec.exchange: https://infosec.exchange/@guamwatt/109258355030128344 Dan Miessler is pretty smart. If you don't have a handle on your assets, you aren't protecting anything. You're practicing 'faith-based security' and 'faith-based systems administration' #cososec
Mastodon is also growing: https://bitcoinhackers.org/@mastodonusercount/109258290630997565
Got back onto infosec.exchange Mastodon channel. When seeing all the feeds, I see quite a few German posts. Anyone know if there’s ‘simple’ German channel for n00bs learning German? #lerneDeutsch #deutsch
Muddling through.