#hack100days Day 1: Enumerate targets in a web application CTF. Explore potential sqli points. Look at SSTI for Werkzeug. Look at SSRF candidate. (dafuq is a gunicorn?)
#hack100days Day 2: Listened to @jhaddix@twitter talk about his #bugbounty methodology at NahamCon. Lot of good tools and some advice on things to pay attention to during enumeration. Need to re-watch and take notes--play with some tools. (Also was up to wee hours this a.m. working NahamCon ctf) #infosec
#hack100days Day 3: Reviewed shub's (@infosec_au@twitter) slides (https://drive.google.com/file/d/14OFU-B2CqnrNlMX9jis1ApRIAOlJNfbW/view) from NahamCon 2022 re: Finding 0days in Enterprise Software. I did not know Lotus Domino was still a thing. #ssrf #infosec
#hack100days Day 4: Installed k8s on Ubuntu lab box. Downloaded Kubernetes Goat (https://madhuakula.com/kubernetes-goat) to install later tonight or tomorrow. I wish to grok the networking better. #k8 #infosec
#hack100days Day 6: Virtually attended SANS CloudSecNext Summit, day 2. Some good presos. Site capturing all the links: https://start.me/p/7krAd2/sans-cloudsecnext-2022 Today's keynote was good. Emerging Threats Against Cloud Application Identities... was a good preso by Basseri and Bercik. Found a pointer to http://kubebyexample.com, so off to that site to get basics down before re-trying Kubernetes Goat #infosec
@Amyfb A lot of them are public. I'm not certain about the slides.
@scottlink That was interesting. Are those going to be public links or just for attendees? Thanks