OJ @OJ@mastodon.social

photos.app.goo.gl/B5grnNHBwZPs <~ did this at the end of my 3 hour session. Didn't quite latch the last move, but still managed to do OK :) Should have recorded one of the first three attempts instead of the fourth!

I think I'm going to rebrand to "Thumb-in-Butt Security". It actually reflects how productive offensive security people are when on site with a client that needs assessments done ASAP but are never actually ready to do anything.

Running Proxmox on my new NUC was a fucking brilliant idea. That device is really nice, and having a lab run on non-desktop hardware is awesome. pfSense, Pi-hole and two virtual labs all running nicely.

Recommended for those out there looking to have a small home lab set up for testing of $STUFF.

The beach volleyball finals were awesome

The security field has a scary number of elitist jerks in it. It's sad, scary, and clearly detrimental.

Feel the need to reshare a little thing I tell myself every day...

"Try to be less of a dick today than you were yesterday."

I think a bunch of us need to do this.

I love Sundays.. except the ones where I have to work.. like today.

At least the weather sucks.

God damned Ubiquiti USG died overnight, and it fucks with everything! Can't do anything smart on the network without one. Ugh.

This app really is what Twitter promised to be but failed to deliver on.

The simplicity is great, and the linear timeline not filled with shit is even better.

Them: We'd like some security work done.
Me: Sure, this is how it works...
Them: Great! Let's do it.
Me: Sure, this is the timeline/cost...
Them: oh... it costs money?
Me: ...
Them: <smoke bomb/disappears>

Seems that most people love the idea of having a $THING secured, but they refuse to pay for it.

Security isn't an overhead, people! It's an investment. It's insurance. It shows you give a shit about something you really should give a shit about.

"You can't put a price on regularity" -- my father-in-law.

Want to know how bland and boring the 2018 Commonwealth Games opening ceremony was?

Even Camilla couldn't resist reading a magazine instead of paying attention!

Seen some more evidence of security people thinking they don't have to give a shit about copyright infringements.

It's the small things, folks. Even using an image on your site without appropriate attribution shows that you don't give a shit.

We can and need to do better.

So after Cloudflare came out with 1.1.1.1 and 1.0.0.1 I decided to get the whole house to use them on all networks for DNS stuff. But in the process, I put a Pi-hole in the way to sinkhole any DNS requests that leak privacy/telemetry/etc data, including trackers and ads.

I'm amazed at how many requests are being blocked. Approximately 20% of the requests are considered sinkable. Nuts.

Worth checking out if you have time.

GEF is looking pretty slick! github.com/hugsy/gef/releases/ Good to see alternatives to peda. The features look really great too.

So am I right in thinking that even when you make every attempt to disable and turn off Windows telemetry, it still does shit behind the scenes? Is this one of their telemetry domains?

I'd actually consider running my own Mastodon node so that it's personalised, however the thought of running more public-facing software on any infra I control/own scares me to death :)

Checking in again, hoping to see more people move over to this instead of the clusterfuck that twitter has become.

I keep coming back to Mastodon to see if there's any activity, but unfortunately there's very little. It seems beyond the initial flurry, people have returned to the Twitter clusterfuck. Am I the only one seeing this?