Day 1: Enumerate targets in a web application CTF. Explore potential sqli points. Look at SSTI for Werkzeug. Look at SSRF candidate. (dafuq is a gunicorn?)

Day 2: Listened to @jhaddix@twitter talk about his methodology at NahamCon. Lot of good tools and some advice on things to pay attention to during enumeration. Need to re-watch and take notes--play with some tools. (Also was up to wee hours this a.m. working NahamCon ctf)

Day 3: Reviewed shub's (@infosec_au@twitter) slides (drive.google.com/file/d/14OFU-) from NahamCon 2022 re: Finding 0days in Enterprise Software. I did not know Lotus Domino was still a thing.

Day 4: Installed k8s on Ubuntu lab box. Downloaded Kubernetes Goat (madhuakula.com/kubernetes-goat) to install later tonight or tomorrow. I wish to grok the networking better.

Day 5: Virtually attended SANS CloudSecNext Summit. Really good Keynote by Sounil Yu (youtu.be/mEGqC1tuO4E). Also saw a preso on K8 security by Jay Beale.

Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.