I've had this #earworm going on for about five days now. Now, I pass it to you: https://youtu.be/rGKfrgqWcv0 Enjoy! #cosomusic
#hack100days: day 1a: Missed yesterday. An internal org sent a link to a Wordle-type site as part of an awareness campaign for their services. At the end of the URL is some jumbled characters. Wonder if it's the word in encoded or encrypted format... Site lets one create a link to a word of their choosing. Trivial to go to the site and work out a key. They used the Vigenere Cipher. I win. (I'm also wkrup.) #cryptography #cososec
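As an added illustration of the point in this post (example code, not the poster's own), here is a minimal Vigenère implementation together with the known-plaintext key recovery it permits: if a site lets anyone generate a link for a word of their choosing, an attacker has a plaintext/ciphertext pair for free, and the key falls out by subtraction. The word, key, and "link" values below are constructed for the example, not taken from the site in the post.

```python
# Vigenère cipher: demonstrates why it gives no confidentiality once a single
# plaintext/ciphertext pair is known (e.g. a link you generated yourself).
# All sample values in this file are constructed for illustration.

ALPHABET_SIZE = 26


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each letter of `text` by the corresponding key letter.

    Non-letters are passed through unchanged and do not consume key
    characters, mirroring the classic pen-and-paper convention.
    """
    if not key or not key.isalpha():
        raise ValueError("key must be a non-empty alphabetic string")
    out = []
    key_index = 0
    for ch in text:
        if not ch.isalpha():
            out.append(ch)
            continue
        shift = ord(key[key_index % len(key)].upper()) - ord("A")
        if decrypt:
            shift = -shift
        base = ord("A") if ch.isupper() else ord("a")
        out.append(chr((ord(ch) - base + shift) % ALPHABET_SIZE + base))
        key_index += 1
    return "".join(out)


def recover_key(plaintext: str, ciphertext: str) -> str:
    """Known-plaintext attack: key letter = ciphertext letter - plaintext letter.

    Returns the shortest repeating key consistent with the pair. With a
    plaintext at least as long as the key, the full key is recovered.
    """
    shifts = []
    for p, c in zip(plaintext, ciphertext):
        if p.isalpha() and c.isalpha():
            shifts.append((ord(c.upper()) - ord(p.upper())) % ALPHABET_SIZE)
    if not shifts:
        raise ValueError("no letters to compare")
    stream = "".join(chr(s + ord("A")) for s in shifts)
    # The key stream repeats with the key's period; find the shortest one.
    for period in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % period] for i in range(len(stream))):
            return stream[:period]
    return stream


def demo() -> dict:
    """Walk through the scenario: generate a link, recover the key, decode another."""
    secret_key = "LEMON"                      # constructed: the site's hidden key
    my_word = "ATTACKATDAWN"                  # constructed: a word we asked the site to encode
    my_link_suffix = vigenere(my_word, secret_key)
    # Knowing our own word and the suffix the site produced is enough.
    found_key = recover_key(my_word, my_link_suffix)
    # Now any other link's suffix decodes immediately.
    someone_elses_suffix = vigenere("PUZZLE", secret_key)  # constructed
    return {
        "suffix": my_link_suffix,
        "recovered_key": found_key,
        "decoded_other": vigenere(someone_elses_suffix, found_key, decrypt=True),
    }


if __name__ == "__main__":
    print(demo())
```

The defensive takeaway is the obvious one: a classical cipher in a URL is obfuscation, not protection. If the word must stay secret, store it server-side and put an unguessable random identifier in the link instead.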
#hack100days : Day4 : A good chunk of time in #htb Release Arena. Banged on Flight, a hard Windows box. I've gotten user with some nudges from a Discord group I worked with. Still working on root. Been a while since taking a crack at a Windows box. #infosec #getsmart #cososec
Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics
One of the most troubling manifestations of the trend is the increasing use among nation-state actors of zero-day vulnerability exploits in their attack chain. Microsoft's research showed that just between January and June of this year, patches were released for 41 zero-day vulnerabilities between July 2021 and June 2022.
https://www.darkreading.com/attacks-breaches/microsoft-zero-day-nation-state-groups-tactics
#hack100days : Day3 : More time working on PWST, sections 4-8 through 4-13. Videos were short, so don't get too excited. There's a 'more practice' video left in section 4, so plan is to spend some time on that tomorrow. #infosec #getsmart #cososec
I've been keeping my Twitter account to protect my handle. And lurking. Also to keep lurking until the main folks I like to follow have moved. It keeps changing my setting from 'Latest Tweets' to 'Top Tweets'. What shit-housery. #twitterisdying
Eric Clapton and Jeff Beck at Ronnie Scott's...never knew Beck could play slide...wow...
https://www.youtube.com/watch?v=D9BUXsa55hg&list=RDD9BUXsa55hg&start_radio=1
#hack100days : Day2 : Tuned in to @Alh4zr3d@twitter's twitch (https://www.twitch.tv/alh4zr3d). He streamed pwning the #hackthebox Tricky box. Watched @mttaggart's _Practical Webapp Security and Testing_ (https://academy.tcm-sec.com) (henceforth, PWST), sections 4-6 and 4-7. Need to spend some more time on 4-7 and the javascript trickiness. #htb #infosec #CoSoSec
#hack100days : Day 1: Picked back up "Practical Webapp Security and Testing" by @[email protected]. Knocked out section 4-5, which is about sqli. Played around with ZAP Active Scan, tried out some different files for fuzzing and detecting sqli--fuzzdb, SecLists, and one I compiled from a couple of books. Will continue tinkering with manually enumerating the db before bed. Maybe see about getting mysql/mariadb table enum into my home-grown list. #infosec #CoSoSec
Earlier this year I did a #hack100days run. I got it done after a couple of stumbles and during that time I got a new gig as a #redteamer. Also managed to start a course, but not finish. Plus, with #mastodon being a new shiny, I need to refocus. Time for another run. Stay tuned... #infosec #CoSoSec
Testing a script. #XpostCoSo #XpostInfosecExchange #disregard
Oi! #redteamers! For inside services, do you carry out any password spray attack exercises? #redteaming #redteam #cososec
This ear worm has been rattling around my bald head all day. Your turn: https://youtu.be/iywaBOMvYLI
#cosomusic #soad
Are you noticing some slowness? That's to be expected. We've become kinda popular lately, but don't worry. It usually subsides very quickly. #CoSoTips
From infosec.exchange: https://infosec.exchange/@guamwatt/109258355030128344 Dan Miessler is pretty smart. If you don't have a handle on your assets, you aren't protecting anything. You're practicing 'faith-based security' and 'faith-based systems administration' #cososec
Mastodon is also growing: https://bitcoinhackers.org/@mastodonusercount/109258290630997565
Muddling through.