Twitter
Point is, I never realized that coming home from the hospital with your kid was so hard, and I sympathize for all t…
yesterday
Twitter
Combined with the Windows Subsystem for Linux, this makes me feel like Microsoft is kind of cool. We're not in the…
3 days ago
(429) https://twitter.com/i/web/status/1227969641294770177
RT : This looks like a good deep dive into how to compromise k8s clusters.

I have videos of most of those steps in the…
3 days ago
Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments | GitLab
This post does not outline any new vulnerabilities in Google Cloud Platform but outlines ways that an attacker who has already gained an unprivileged foothold on a cloud instance may perform reconnaissance, privilege escalation and eventually complete compromise of an environment.
cloud  gcp  pentest  redteam  privilegeescalation  privesc  pentesting 
3 days ago
Testing your RedTeam Infrastructure - XPN InfoSec Blog
And there we have it, an example of how we can use a testing and a CI pipeline to keep our RedTeam infrastructure in good shape. Hopefully this overview can be of use, expect more posts on this topic to follow in the near future.
redteam  pentest  c2  terraform  devsecops 
3 days ago
(429) https://twitter.com/i/web/status/1228355180468559875
I used to make a lot of effort to attend cons and meetups, but truth is I'm a time-constrained introvert…
4 days ago
Twitter
“It looks like you’re trying to write a Valentines Day note to someone below you in the reporting structure.”
4 days ago
Twitter
Katie is still in the ICU as of this morning, but they lowered her oxygen flow so she could finally eat and her vit…
4 days ago
Daily UI Design Challenge, Inspiration, and Resources
Daily UI is a series of daily design challenges, design inspiration and neat surprise rewards.

Oh, and it's 100% free. Pretty cool, huh?
tech  education  resources  UI  learning 
4 days ago
(429) https://twitter.com/theregister/status/1227837858985185281
RT : «some lucky locksmith in Los Angeles is going to have to drill out IANAs DNSSEC safe’s locking mechanism»
5 days ago
(429) https://twitter.com/G_IW/status/1227700420178567170
My takeaway is that if your (pre-job-age) kid can afford a WiFi Pineapple you are giving out too much allowance.
5 days ago
(500) http://www.dyson.co.uk/
For your reference, , this is my DNS enum methodology.

subfinder -d "" -o dns.t…
5 days ago
Twitter
Awesome for you and great for your father for helping set you on a positive path early in life! It’s a great way fo…
5 days ago
gaul/awesome-ld-preload: List of resources related to LD_PRELOAD, a mechanism for changing application behavior at run-time
This is a list of resources related to LD_PRELOAD, a mechanism for changing application behavior at run-time. Libraries can override specified functions with another, for example, making time(3) always return 0. This is often useful for testing or modifying application behavior without source code changes.
programming  ld_preload  linux  c 
5 days ago
(429) https://twitter.com/i/web/status/1227615191396802562
Me: Computers make your life easier and are totally awesome tools for amazing engineering!

Also Me: I cannot get M…
6 days ago
Twitter
How to limit your screen time.
6 days ago
Twitter
"I'm a hacker"
- pretentious
- incites fear
- possibly criminal

"I yeet dipshit computers into a blender"
- exciti…
6 days ago
Proxying and Intercepting CLI Tools - ropnop blog
The general use case for a tool like Burp or mitmproxy is to configure a browser to communicate through it, and there are plenty of write-ups and tutorials on how to configure Firefox, Chrome, etc to talk to Burp Suite and to trust the Burp self-signed Certificate Authority.

However, I often want/need to inspect traffic that comes from other tools besides browsers - most notably command line tools. A lot of CLI tools for popular services are just making HTTP requests, and being able to inspect and/or modify this traffic is really valuable. If a CLI tool is not working as expected and the error messages are unhelpful, the problem can become obvious as soon as you look at the actual HTTP requests and responses it’s making/receiving.
cli  proxy  burp  webapp  pentest 
6 days ago
Twitter
Big Borg cube arrives at Earth:

Borg: You will be assimilated

Humans: Why tho?

B: Oh, people usually don’t ask t…
7 days ago
Twitter
What on earth is this horseshit
7 days ago
Twitter
I care less about what style they go with than that they pick one, at least for D.C. itself.…
8 days ago
Twitter
If I'm elected president, my first executive order will require all new federal buildings to be based on Googie arc…
8 days ago
Calling Bullshit — Syllabus
Our world is saturated with bullshit. Learn to detect and defuse it.
bullshit  course  reference 
8 days ago
Certified Kubernetes Admin (CKA) exam tips – Automate-IT.today
I recently passed the certified Kubernetes Admin exam. Head here for more info on the program. The CKA exam is a live lab exam and I heard from quite a few people that they struggled to complete all tasks within the 3 hours you’re allotted to finish the exam. Since I finished the exam early (29 minutes left on the clock) I thought I’d give some hints that will save you some time during the exam. So here goes.
kubernetes  k8s  cka  certification 
8 days ago
Twitter
RT : Hi speaking as the guy you all called to learn about 8chan last year DO NOT DO THIS YOU STUPID BASTARDS
11 days ago
(429) https://twitter.com/i/web/status/1225454762944016386
"Well I don't care, there is still no skills gap, I'm just not paid enough!" OK Zoomer. But they're not giving yo…
12 days ago
(429) https://twitter.com/i/web/status/1225453971491426304
"Well the industry's estimate of what a reasonable amount of risk is is wrong! Look at all the breaches." Is it w…
12 days ago
(429) https://twitter.com/i/web/status/1225453626983944192
"Well then the whole industry needs to pay more." Well yes, except that's not how pricing equilibria work. The in…
12 days ago
(429) https://twitter.com/i/web/status/1225453146543095809
"Hire junior people and train them." We do, but not for the occasional senior slot we get, which is posted senior…
12 days ago
(429) https://twitter.com/i/web/status/1224872270616723457
RT : A soliloquy:

Tomorrow, and tomorrow, and tomorrow,
Creeps in this petty pace from meetup to meetu…
13 days ago
Twitter
John Bolton texting “you knew I was a snake when you let me in” to Trump rn
13 days ago
Twitter
I love 's PTF so much, `git clone was literally my first command on my new lapt…
13 days ago
Twitter
Hey friends, I don't really have the emotional stamina to go into it right now but my day today was real good and t…
13 days ago
(429) https://twitter.com/i/web/status/1224793942190780416
RT : Hey guys, was let go from my job today 😟. If anyone has any leads, please let me know. I’ve attached my resume. Ref…
13 days ago
Twitter
Bug Hunting Tip: Every time you find the word "PROXY" in a URL, ask it for fun stuff.
13 days ago
Martin Heinz - Personal Website & Blog
There are plenty of articles written about lots of cool features in Python such as variable unpacking, partial functions, enumerating iterables, but there is much more to talk about when it comes to Python, so here I will try to show some of the features I know and use, that I haven't yet seen mentioned elsewhere. So here we go.
tips  programming  python 
14 days ago
guyinatuxedo/nightmare
It's true there are a lot of resources out there to learn binary exploitation / reverse engineering skills, so what makes this different?

* Amount of Content - There is a large amount of content in this course (currently over 90 challenges), laid out in a linear fashion.

* Well Documented Write Ups - Each challenge comes with a well documented writeup explaining how to go from being handed the binary to doing the exploit dev.

* Multiple Problems per Topic - Most modules have multiple different challenges. This way you can use one to learn how the attack works, and then apply it to the others. Also different iterations of the problem will have knowledge needed to solve it.

* Using all open source tools - All the tools used here are free and open sourced. No IDA torrent needed.

* A Place to Ask Questions - So if you have a problem that you've been working for days and can't ge
exploitation  reverseengineering  assembly  tutorial  course 
14 days ago
Twitter
RT : My candidate drops out
14 days ago
(429) https://twitter.com/Phineas/status/1221598425290039296/photo/1
RT : Remember, Marcus Aurelius has already absolved you of the duty of having a take
15 days ago
Twitter
A big experiment by as they try to stream the in 4K for the first time. The stream was nice a…
15 days ago
Twitter
Dear Test Creators of the World,
Some of us have dyslexia. That means we don't see things like everyone. That means…
15 days ago
Exercism
Level up your programming skills with 3,284 exercises across 51 languages, and insightful discussion with our dedicated team of welcoming mentors. Exercism is 100% free forever.
learning  programming  development  code  practice  challenges  compsci 
15 days ago
Twitter
I understand stereo audio for normal streams, but for a 4K stream? People streaming this way went out of their way…
15 days ago
query_winetw_providers - Jupyter Notebook
You can use this notebook to look for specific field names on every ETW provider available in the OSSEM project
ossem  logging 
15 days ago
Twitter
you’d think a country with two million religious minorities locked away in concentration camps would be more famili…
16 days ago
Twitter
Another example of bad optics:
16 days ago
Twitter
When you're worried about coronavirus but also really want that issue with the Kobe memorial insert
17 days ago
(429) https://twitter.com/i/web/status/1223305055291527169
Consider how amazing the human mind is. We have to process all of this when driving too. Well, maybe not the yiel…
18 days ago
Introducing the OWASP Nettacker Project - Speaker Deck
OWASP Nettacker project was created to automate the information gathering, vulnerability scanning and in general to aid the penetration testing engagements. Nettacker is able to run various scans using a variety of methods and generate scan reports for applications and networks, including services, bugs, vulnerabilities, misconfigurations, default credentials and many other cool features - for example an ability to chain different scan methods.
scan  scanner  webapp  owasp  security 
18 days ago
mre/awesome-static-analysis: Static analysis tools for all programming languages
This is a collection of static analysis tools and code quality checkers. Pull requests are very welcome!
tools  programming  static-analysis  apps  webapp 
18 days ago
How to Run PowerShell Commands on Remote Computers
PowerShell Remoting lets you run PowerShell commands or access full PowerShell sessions on remote Windows systems. It’s similar to SSH for accessing remote terminals on other operating systems.
powershell  remote  windows  microsoft  winrm 
18 days ago
Twitter
RT : Charges have been dropped against two men contracted by the judicial branch to test courthouse security.

"Ultimate…
18 days ago
Twitter
Good sec e-mail newsletters: tl;dr sec, Axios Codebook, OODA Loop, Politico's Morning Cybersecurity, The Hill's Hil…
19 days ago
Twitter
RT : This is the sharpest movie of the Sun ever made. Even at this fine resolution, the scale is enormous; each plasma c…
19 days ago
Twitter
Passive voice. Sometimes it can work okay, but it is not always useful in a prescriptive report. I…
20 days ago
Twitter
AppSec is only a (small) piece of a security program.

If you focus 90% on AppSec and have no detection/response, y…
20 days ago
Twitter
RT : Working on starting a career in ? Trying to land that first job? I'm doing research and you can help me he…
20 days ago
Twitter
I am the author behind this now viral tweet. I own my mistake, and now I rock it.
20 days ago
(429) https://twitter.com/i/web/status/1222172653886283776
Just accidentally deleted 23TB of data on my NAS at home by moving too fast while RDPed into something on my iPhone…
21 days ago
Twitter
Now that I've officially given notice: I apologize for the subterfuge, but this is me. I'm still looking! Happy to…
21 days ago
Twitter
Yeah, I'm getting the max there by unrealistically assuming each battery will fail the instant the war…
21 days ago
Twitter
$1.96 this morning for E85 (Texas), 38 mpg highway for my nearly all highway commute = $0.0515. Grant…
21 days ago
Twitter
Batteries are only warrantied for 100k miles. If you have to replace them 3 times at your expense to…
21 days ago
Targeted Active Directory Host Enumeration | TrustedSec
I have seen environments that have stale 10-year-old records in their AD database where half or more of the records are of hosts that no longer exist. This complicates the matter for a consultant conducting attack emulation or for a threat hunter trying to identify assets. I know I can use the LastLogon date of the machine, but since I use the machine’s extracted credentials for other purposes in several scenarios, I prefer to use the last time the machine changed its password.
activedirectory  recon  security  pentest 
21 days ago
KubeCon NA 2019 Tutorial Guide
Welcome to the Attacking and Defending Kubernetes Clusters: A Guided Tour Walkthrough Guide, as presented at KubeCon NA 2019. We'll help you create your own Kubernetes environment so you can follow along as we take on the role of two attacking personas looking to make some money and one defending persona working hard to keep the cluster safe and healthy.
kubernetes  tutorial  security 
21 days ago
specterops/at-ps: Adversary Tactics - PowerShell Training
SpecterOps recently decommissioned our PowerShell course and rather than letting it collect dust, we wanted to offer it up to the community for free in the spirit of our commitment to transparency.
security  powershell  pentest  redteam  training  offensive 
21 days ago
Flamingo Captures Credentials — Atredis Partners
Flamingo is not Responder. Responder is an amazing tool that listens on the network, responds to name requests, and captures credentials. While the main goal of Responder is to coerce systems on the same broadcast domain into sending it Active Directory credentials, Flamingo takes a more passive approach, and does not actively solicit connections through LLMNR or NetBIOS responses. For most scenarios where you want to capture Active Directory credentials, Responder is still your tool of choice.
security  tools  credentials  redteam 
21 days ago
Twitter
I think roaches are Marlboro Men. I'll bring a can of Aquanet. Freeze them first, then give them a last ciga…
24 days ago