With soon upon us, if anyone in the Fediverse is interested in joining in, Purple Squad Security has a small group of people lined up to work on it and share our experiences with each other. If you've never done a CTF, consider joining us! We do this via our Slack, which you can join via signup.purplesquadsec.com

That settles the story by Bloomberg. Independent investigation by a third party reveals no proof of tampering by the Chinese. Bloomberg you've published a bullshit story again
techcrunch.com/2018/12/11/supe

Did I just record a story with @tinker ? Yes, yes I did. And now I need to find some appropriate backing tracks for our chat...

Oh! Hi Mastodon, I didn't see you there for a minute. Let me just sit down and relax for a bit. It's so much more sane here...

It's really amazing to see how a change of scenery can change your own personal view of your skills. Surrounding yourself with crazy smart people can kickstart those creative juices and distract you from your own imposter syndrome, if only for a few weeks. Now I'm researching Beyond Corp, osquery, and raspberry pi hacking! I just got myself an early Christmas present. 🤗

pi-hole has been successfully installed and setup as my local DNS server. Now I wait to see who notices.

I'm looking at alternative hobbies to take my mind off of infosec. I do a bit of macrame, and I'm now leaning towards trying leather craft. What do you do as an alternative to your day job?

Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
darkreading.com/vulnerabilitie

RT @xychix@twitter.com
Building resilient C2 infra using DNS over HTTPS as a backup trigger. An example of how (and why!) to build layers and differentiation into your C2 channels. Including a cool example on hiding your payload in a robots.txt file. Blog post here: outflank.nl/blog/2018/10/25/bu

Question for the bloggers out there. I'm looking for a nice, simple, hosted blog system for my static site. No desire to mess around with static pages, etc, and I don't want to go with Wordpress. Free would be best, but if it's reasonable I'm willing to subscribe. Leaning towards Medium, but I'm not a fan of their "limit of 3 articles per month" model for readers. Thoughts/suggestions?

Got to speak at my local library tonight about . 5 people in total, 4 in their 60s. It was more rewarding than speaking to a group of 500 infosec professionals because I got to share information that people didn't know. They were all pretty sharp, and were more savvy than I thought. Remember, we want to help secure the world, so start with those who are willing to learn, regardless of their age.

I've been trying to move into an offensive role, mainly due to the lack of challenge/direction in my present role. A friend accused me of being picky because I turned down roles that are similar to what I've done but don't honestly interest me because it's mostly around policy, documentation, and enforcement. When is the search for a challenge being picky?

Mastadon is like the lazy river of social media
Thanks @jerry, this is nice. I only have mild impostor syndrome here, but far less rage and disgust. 😊

Of all the companies in the world, the one I would least like to put a camera and microphone in my home is Facebook.

(And yes, I’m including you YouPorn)

Here is Patrick Gray’s most excellent special recording regarding the Bloomberg Supermicro/Apple/Amazon debacle: risky.biz/RB517_feature/

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.