JohnsNotHere 
@JohnsNotHere@infosec.exchange
- Podcast
- https://purplesquadsec.com/
#Podcaster, Father, #Infosec and knowledge junkie. Defender of the Oxford comma and lover of good BBQ. Toots are my own, but YMMV.
Joined Aug 2018
Pinned toot
Got a small #SQLi tip for those doing #KringleCon. When using -- to comment, add a space and another -. MySQL-like engines need whitespace and a character following the -- to know its a comment, and most forms trim whitespace from input values. See: http://www.mysqltutorial.org/mysql-comment/
Episode 50 – Tabletop D&D with Tim De Block, Ed Rojas, Daniel Ebbutt, and Kyle Andrus
It's that time again! Yes, another Tabletop D&D episode is upon us! This time I asked Timothy de Block from the Exploring Information Security podcast to join me, along with a few interesting characters. Let's just say this particular episode is not for the faint of heart, and w
JohnsNotHere
boosted
boosted
runc container breakout PoC
https://github.com/feexd/pocs/blob/master/CVE-2019-5736/exploit.c
(via Frank Denis on birdsite)
JohnsNotHere
boosted
boosted
VFEmail suffers 'catastrophic' attack, as hacker wipes email service's primary and backup data.
https://www.grahamcluley.com/vfemail-suffers-catastrophic-attack-as-hacker-wipes-email-services-primary-and-backup-data/
Anyone out there have experience with deploying the NIST CSF in a commercial environment? I'd like to bounce some thoughts off of someone.
JohnsNotHere
boosted
boosted
Defensive Security Podcast Episode 233
https://defensivesecurity.org/defensive-security-podcast-episode-233/
JohnsNotHere
boosted
boosted
Jack Rhysider from “Darknet Diaries joins us on the latest "Smashing Security" podcast to chat about his interview with the elusive Hacker Giraffe, how a death is preventing cryptocurrency investors from reaching their money, and how ‘beauty camera’ apps are redirecting users to phishing websites and stealing their selfies.
Full "Smashing Security" show and links to it in your favourite podcast app: https://www.smashingsecurity.com/114
Code of Conduct
Purple Squad Security Code of Conduct
Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and members of the Purple Squad Security community pledge to making
participation in our channels and other parts of our community a harassment-free experience
for everyone, regardless of age, body size, disability, ethnicity, sex characteristics,
gender identity and expression, level of ex
JohnsNotHere
boosted
boosted
Every day should be Safer Internet Day. Here are my top five tips for improving your online security
https://www.grahamcluley.com/every-day-should-be-safer-internet-day/
It's amazing how your work history is hard to shed. I haven't done professional development for a few years now, yet I still get pinged by recruiters. Old jobs feel like the mob sometimes. Once you're in, you can never get out.
Purple Squad Security - Episode 49 – The Red Team Life with Curtis Brazzell
Curtis Brazzell from Pondurance joins me to talk about red teaming and managing red teams.
https://purplesquadsec.com/podcast/episode-49-the-red-team-life-with-curtis-brazzell/
I'm tired. Maybe teaching, working full time, running a podcast, trying to start up a side hustle, studying for some more certs and having two kids is a bit much.
Teacher's log - stardate 96665.15: It has been roughly 21 rotations since starting my latest mission, sharing knowledge amongst the inexperienced of this planet, but I find it rewarding. Exhausting, but rewarding. Will continue for foreseeable future.
JohnsNotHere
boosted
boosted
Important→ Someone hacked the official site of #PHP PEAR and replaced package manager (go-pear.phar) with a "tainted version"
https://thehackernews.com/2019/01/php-pear-hacked.html
If you have downloaded/updated #pearPHP package manager from its official site in past 6 months, consider yourself compromised. https://t.co/PUm7o9CP8S
Episode 48 – All About Magecart with Yonathan Klijnsma is now live!
https://purplesquadsec.com/podcast/episode-48-all-about-magecart-with-yonathan-klijnsma/
The more I read about SIEMs and "next-gen" SIEMs, the more I think a solid ELK stack will do me just fine. To be fair, I used to work for a SIEM vendor years ago, but I think a modern ELK stack with alerts for incidents I care about specifically may do me just fine.
Pst! Do you need CPEs for your CISSP, CISM, CISA, or CEH? Why not check out some free courses on Cybrary.it or even better, go listen to some security podcasts like Defensive Security (@jerry), Smashing Security (@gcluley) or even Purple Squad Security (me)! We're all entertaining and informative in our own rights, and you can get 1 CPE per hour. ;-) YMMV, but I'm a fan.
JohnsNotHere
boosted
boosted
So #Signal is supposed to be installed on a smartphone before you can use it on desktop? Unofficially, the desktop version is perfectly capable of creating new accounts. All you need is a number to receive an SMS or voice mail. Here is how.
JohnsNotHere
boosted
boosted
Being paid to quit Facebook.
Purple Squad Security - Episode 47 – Happy New Year! Show Updates and Other News
https://purplesquadsec.com/podcast/episode-47-happy-new-year-show-updates-and-other-news/
JohnsNotHere
boosted
boosted
TheHackerGiraffe says he's retired from hacking smart TVs to promote PewDiePie
https://www.grahamcluley.com/thehackergiraffe-says-hes-retired-from-hacking-smart-tvs-to-promote-pewdiepie/
- Podcast
- https://purplesquadsec.com/
#Podcaster, Father, #Infosec and knowledge junkie. Defender of the Oxford comma and lover of good BBQ. Toots are my own, but YMMV.
Joined Aug 2018
