incognitjoe @incognitjoe@mastodon.social

If you've ever pulled an old webpage out the Wayback Machine, or made use of their copious collections of old audio, music and film, drop by https://archive.org/ and give them a few $$ during their fundraising drive. Keep the history of the web alive!

So, there's a Chinese botnet package known as "Destroyer" (破坏者).

It, ironically, can itself be destroyed, thanks to a stack buffer overflow.

I wasn't able to get full RCE, but a jump to "call ExitProcess" should be enough, no? It can be triggered directly after "start DDoS", for even more lulz.

Here's the exploit: https://gist.github.com/Wack0/d0aa7f56d5d044fb918056207d2149b1

And here's a bot sample hash: b17535de8061dce3d6630e92d601ebe1ebac44ed52b3a04a8bb72f6661f23d44

Let's #destroythedestroyer :)

#infosec #botnet #exploit

It is a truth universally acknowledged, that a newly booted web server must be in want of a bot constantly attacking /wp-login.php

Man am I glad that Snowden isn't here, shitting this place up too.

another day volunteering at the richard dawkins museum. everyone keeps asking me what they can take through security. honey,

Ah, the lovely part where I finish (part of) a thing and get to close 20 tabs.

YOU: Hangs mirrors around your bedroom to foster a larger sense of space.
ME: Paints the walls, ceiling, and floor with Vantablack® to manifest a cold and infinite void.

Brilliant <thing on other network we don't talk about> by @Mudge:

https://twitter.com/dotmudge/status/850385568148140033

"This is a brilliant tactic. There are so many others like this because the AV community keeps thinking this is a one-move game... Kudos!"

That definition of the strategy of the AV community is absolutely perfect. Depth: zero.

frog tips needs to come to mastodon.

Twitter sued Customs and Border Protection for trying to unmask one of their pseudonymous alt agency accounts. Within 24 hours of Twitter filing the lawsuit, the government withdrew its subpoena. What happened here?

I explain it all: https://motherboard.vice.com/en_us/article/alt-twitter-account-trump-customs-lawsuit

I worked for a company in the past―a distributed company. We had a policy that all developers should be able to recreate their development environment within an hour of putting a bullet through their current one. Good policy. Kept everything distributed, and lightweight :)

https://mastodon.social/media/xH9DRSbd8bAOwNLIXHM this is the collection so far. Each of them is a memento. Each of them holds a memory.

@da_667 https://www.humblebundle.com/books/python-book-bundle Link for the lazy.

and while I'm talking about books and technology training materials, I wrote a thing. blindseeker.com/AVATAR

Have you ever wanted to build your own VM lab? or know someone who wants to break into IT? Blue team? Red team? and needs to know how to stand up their own? Check out the book I wrote.

This guy is having a tough time right now https://github.com/tootsuite/mastodon/issues/1002

https://mastodon.social/media/KYixfl0XiBrXonCAUZQ nice

AWOOOOOOOOOOOOOOOOOO

https://motherboard.vice.com/en_us/article/mastodon-is-like-twitter-without-nazis-so-why-are-we-not-using-it https://mastodon.social/media/wlfu-uR1xV3iHKrovZs

Mastodon: Where infosec people went to talk existentially about social media platforms rather than, you know, be social.