The Rafa and Felix match is pretty damn fun to watch. #rolandgarros #tennis

#hack100days Day10: New chain, longer than the old chain! Read more of Hacking APIs, by Corey Ball. Looking forward to learning more about GraphQL—want to understand the AuthZ patterns and techniques. Also learned about Broken Object Level Authorization (BOLA). The examples look a lot like IDOR, but I think I grok the diff. You can have an IDOR that’s not a BOLA, but I reckon you could get a BOLA as a result of an IDOR. Still need to think and tinker with this one a bit. #infosec #cosocec

#hack100days Day9b: Decided "hacking" myself counts today. Started using LYT (https://www.linkingyourthinking.com) note-taking. Moved a bunch of notes from old program to the new. #selfdevelopment #selfimprovement #lyt

#hack100days Day8b: Power went out for a couple of hours today. So, went analogue and read two chapters of Hacking APIs by Corey J. Ball (https://nostarch.com/hacking-apis) #infosec #cososec

#hack100days Day7b: Read the Verizon DBIR. Interesting graphs in there. Nothing really new under the sun. Which isn't a bad thing.

For the USA folks on the Community firehose: https://5calls.org/issue/federal-assault-weapon-ban/ Call your reps.

Campaign finance idea--Campaigns are only permitted to be finances or accept donations from constituents in the district the campaign is gunning to represent.

#hack100days Day6b: Hack the Box Academy. I like the UI for Burp, but I like not having to pay to get the goodness that ZAP brings. Also took a minute to break the rust off for using Metasploit. Can't remember the last time I looked at that. #infosec #cososec

#hack100days Day5b: Read about hacking today. Finished 3-part series on a Cloudflare bug bounty. (https://blog.assetnote.io/2022/05/06/cloudflare-pages-pt1/) #infosec #cososec

#hack100days Day4b: Testing #ssti payloads. Trying to figure out if I’m overthinking it. Tokens matter. #infosec #cososec

#hack100days Day 3b: More reading about #ssti, still need to find right payload. Found an article that walks through a process to find a way to the OS module. #infosec #cososec

#hack100days Day 2b: Kept at the #hackthebox machine. Working out a good #ssti payload. Interesting injection point. Also reworking note taking process. Still slow. #infosec #cososec

#hack100days Day 1b: Dropped the ball yesterday, busy day. Cyber Apocalypse #ctf is done. Working on a #hackthebox machine today. New day, new chain. #infosec #cososec

#hack100days Day9: Continued Cyber Apocalypse #ctf. Moved to a new challenge. Enumerated site, but not finding entry point. Spent good part of day working on groking MSFT Defender for Cloud Apps. #infosec #cososec

#hack100days Day8: Continued Cyber Apocalypse CTF. Getting *way* more acquainted w/JavaScript. I've got an XSS, but I'm still working out weaponization. Still no additional points, but the day ain't done yet. #infosec #ctf #cososec

#hack100days Day7: Continued banging on Cyber Apocalypse CTF '22. Finally "really" on the board with a solved web challenge. Downloaded the code for a bunch of other challenges, so it's time to practice code analysis. #infosec #cososec #ctf

#hack100days Day6: The new chain is longer than the old chain! Started Cyber Apocalypse CTF 2022 this morning and worked on it for a couple of hours. Got the 'intro' flag. Worked on two of the challenges, but haven't gotten anywhere--oof. Slight blow to psyche. Good weather today, so worked on container gardening. Now that dinner is done and have whisky on the side table, getting back at it. #infosec #cososec