Pinned post

So if someone made a podcast about security that's aimed at the C-Level, would you listen to it? Not the usual deep, technical jargon but rather aimed at executives. No news, just best practices.

Please boost for maximum coverage.

Pinned post

Hey everybody. In the interest of giving back to the community (and the fact that I *really* need to start advertising more), my company (EliteSec) has created a simple project for setting up Sonarqube to test against your own codebase.

Sonarqube is an open source static code analysis tool. I've created a simple Vagrant script that will:

1. Download an Ubuntu 18.04 VM
2. Install Docker
3. Install Sonarqube
4. Set up all routing for your local machine.

Check it out:

github.com/EliteSec-io/vagrant

Pinned post

Incorporation is complete, I can start making noise about elitesec.io

For those who are looking for or just help, make sure to consider us. We're based in Canada, but happy to help whomever we can reach. Many thanks!

I finally fired Google. In this post I write about how I got locked in, how I got out, and what took me so long. #privacy puri.sm/posts/i-finally-fired-

Working on some Kubernetes Security training. I want the first slide to simply read "DON'T", but they won't pay me for that, so down to the 9th circle of hell I go!

What's with EV cults? Tesla seems to create two extreme camps, the lovers and the haters. I think EVs are great, lots to learn for sure, but great. I'm not a fan of Tesla due to Elon being an ass, but also because the cars all look the same. I'm waiting for an Ioniq 5 to be delivered (being built in March), and I'm giddy. Any other EV fans?

RT @violetblue
This is wild. An attacker leveraged Amazon Marketplace to drain $20K out of TOOOL's funds - and Amazon is *not* helping them.

The Open Organisation of Lockpickers is a nonprofit. If you can kick in a few bucks, they do great work: paypal.com/donate/?hosted_butt twitter.com/toool/status/14767

I finished my final report for the year, and I have a few weeks off before my next engagement. I guess this means I should be more social or something now? Whatever, hello Fedi, it's been a while!

It's funny, when I find I have a moment of free time I do a deep dive on frivolous things. Lately it's been wallets. Not a fan of the giant "Costanza wallet", but I'm picky with my wallets too. These hardback "minimalist" wallets like the Ridge are just a rip-off. I bought the original HuMn before Ridge became popular, and I hated it. My go-to is Big Skinny wallets, but now I'm thinking of going back to a SlimFold. That was my all-time fav.

tl;dr - human minds are weird.

End of an era. I just shut down the Purple Squad Security slack instance. Membership had dwindled over the past year, and to be fair I posted there even less than I do here, but still, it saddens me a bit.

I miss podcasting, but when I tried to get back into it, it was sooo draining and time consuming. Maybe I should just ask to be a guest somewhere instead. Gods know I like to talk...

Hello void, it's been a long minute. WHAT'S NEW WITH YOU?!?!

are harder than , IMO. Just switched my CRM from Hubspot to monday.com and I couldn't be happier. Hubspot was nice, but anything remotely powerful and you had to pay a massive fee. They tease you with it for sure, but not worth it IMO. Sure, a spreadsheet would work, but I want something "easier".

Tried the CRM template for monday.com. Found I'm 2 contracts away from going FT with EliteSec. Don't make the same mistake as me - invest the time and see what's what.

The Moonlander is really calling to me. Anyone with experience with it?

zsa.io/moonlander/

Months of silence should soon start to be lifted. Pieces are hopefully falling in place, but I anticipate the next few weeks to be particularly interesting and harrowing. Stay tuned...

Doing a pentest is 90% timing. I've just nearly finished an assessment and decided to try a few last things I had overlooked/delayed. Pulled that thread and this otherwise "decent" application is starting to fall apart. Might have to delay the final report by a day to catch up on all the findings. Love it.

Fingers crossed that this week ends up being a good one.

I'm arguing with someone at work about the use of a new DNS proxy, and the fact that I'm blocking porn. I'm about ready to tell him to go ask the CEO for permission to watch porn on his company-owned computer, and if he approves it, I'll remove the block.

Podcasters are not journalists, we don't have to protect our sources. Plus some of the logic jumps and arguments in this episode were just too much for me.

I've unsubscribed from Darknet Diaries. I've never been a Patreon supporter, but if I were then I would have been crazy pissed off about this.

Everyone is free to decide what they find acceptable for content, but this one was just too much for me. /fin

Being a hacker is all about exploring boundaries and challenging norms. I do draw the line at hacks and such that cause harm to everyday people, and I sure as hell have no patience when it comes to hurting innocents like children.

This "porn trader" fits that "out of bounds" definition. I don't care if he's just trading it, he's *enabling* it. Telling them to just get rid of the evidence makes you an accessory, so WTF?!

Surely this guy is going to prison, right? That's why Jack is speaking with him now? Nope. This guy reached out to Jack asking what to do, because he suddenly had grown a conscience and wanted to know what to do. See, he's a porn collector, and he just happened to collect some CP as well. What does Jack say to do? Delete it and just stop dealing with it, and act as if it never happened.

No Jack, some lines should never be crossed. EVER.

Fun fact - I applied to work at Kik as a Security Engineer back in 2018. I ultimately turned them down, but I thought this was interesting.

The guests were the usual mix of hackers or other underground individuals, but there was a difference with one of them. Jack altered his voice, which was a first as far as I can recall. Why?

Well, later in the episode you hear that this guy was also trading in this illicit material. Not producing, but distributing.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.