ath0  

Day 1: Enumerate targets in a web application CTF. Explore potential sqli points. Look at SSTI for Werkzeug. Look at SSRF candidate. (dafuq is a gunicorn?)

1
ath0  

Day 2: Listened to @jhaddix@twitter talk about his methodology at NahamCon. Lot of good tools and some advice on things to pay attention to during enumeration. Need to re-watch and take notes--play with some tools. (Also was up to wee hours this a.m. working NahamCon ctf)

1
ath0  

Day 3: Reviewed shub's (@infosec_au@twitter) slides (drive.google.com/file/d/14OFU-) from NahamCon 2022 re: Finding 0days in Enterprise Software. I did not know Lotus Domino was still a thing.

1
ath0  

Day 4: Installed k8s on Ubuntu lab box. Downloaded Kubernetes Goat (madhuakula.com/kubernetes-goat) to install later tonight or tomorrow. I wish to grok the networking better.

1
ath0  

Day 5: Virtually attended SANS CloudSecNext Summit. Really good Keynote by Sounil Yu (youtu.be/mEGqC1tuO4E). Also saw a preso on K8 security by Jay Beale.

1+
ath0
Follow

Link to Sounil Yu's slides: sansorg.egnyte.com/dl/UdfWs2kX

· 0· 0· 0
Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.

Resources

Developers

What is CounterSocial?

Created by potrace 1.15, written by Peter Selinger 2001-2017

counter.social

More…