
Got a small tip for those doing . When using -- to comment, add a space and another -. MySQL-like engines need whitespace and a character following the -- to know it's a comment, and most forms trim whitespace from input values. See:

Got a chance to tell a story on with Jack Rhysider.

Ep 36: Jeremy from Marketing

"A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned."

You can listen to it here:

Listening to @JohnsNotHere episode 27 on mental health. Great show, John!

Show John some love, everyone! !

This one drives me nuts:

I have worked with a few people who shared this opinion, and the answer is always the same. If you need to blame the end user, then you're not doing the job right. When I developed software, I was a fan of ensuring basic controls to avoid problems. I was often overruled in favour of more knobs, etc., to turn, which in turn caused problems. This is just more of the same. Don't blame end users, take pride in your own damn work!

So I've registered some new domains for some phishing exercises, and one of my TLDs (.us) didn't give me an option for anonymous WHOIS registration. I'm shocked at how quickly I've been spammed because of this fact. Mental note, next time fake my own WHOIS records as well!

New episode of Purple Squad Security is out now! John The Generalist, where I go solo and ramble about being a generalist within Information Security rather than a dedicated red or blue team practitioner. Listen if you like rambling.

Good morning world. What questions drive you today? What is the answer you are looking for? Me? I'm brushing up on my offensive fundamentals because I'm feeling unworthy and rusty.

The more you say, the less they hear. This is true when we communicate to executives, other teams, students, etc. Not everyone speaks "cyber" as they know it, and the more we drone on the less they will listen.

The latest Purple Squad Security podcast episode is here! Chris Foulon joins me for a fireside chat to talk about breaking into .

#Privacy? I don't have anything to hide.

> Over the last 16 months, as I've debated this issue around the world, every single time somebody has said to me, "I don't really worry about invasions of privacy because I don't have anything to hide." I always say the same thing to them. I get out a pen, I write down my email address. I say, "Here's my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting. After all, if you're not a bad person, if you're doing nothing wrong, you should have nothing to hide." Not a single person has taken me up on that offer.

-- Glenn Greenwald in Why privacy matters - TED Talk #quotes #infosec

Do you have children? Please do me a favor and teach them cursive writing and how to use a fountain pen. I know phones and DocuSign are all the rage, but these basic skills should never die out.

Anyone have an easy way to extract "AlternativeText" from embedded images in a Word document via Linux? Asking for a friend.

Episode 50 – Tabletop D&D with Tim De Block, Ed Rojas, Daniel Ebbutt, and Kyle Andrus

It's that time again! Yes, another Tabletop D&D episode is upon us! This time I asked Timothy de Block from the Exploring Information Security podcast to join me, along with a few interesting characters. Let's just say this particular episode is not for the faint of heart, and w

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.