JohnsNotHere 
@JohnsNotHere@infosec.exchange
- EliteSec
- https://elitesec.io
- Podcast
- https://purplesquadsec.com/
Founder of EliteSec.io, podcaster, father, and knowledge junkie. Defender of the Oxford comma and lover of good BBQ. Toots are my own, but YMMV.
Joined Aug 2018
Pinned toot
Times are a bit rough right now, and at EliteSec we'd like to do our part to help. If you are a SMB with less than 250 employees, we are offering a flat-fee network scan to ensure your company's WFH setup is secure.
https://elitesec.io/blog/scanning-smb-networks-during-covid-19/
Pinned toot
Hey everybody. In the interest of giving back to the community (and the fact that I *really* need to start advertising more), my company (EliteSec) has created a simple project for setting up Sonarqube to test against your own codebase.
Sonarqube is an open source static code analysis tool. I've created a simple Vagrant script that will:
1. Download an Ubuntu 18.04 VM
2. Install Docker
3. Install Sonarqube
4. Setup all routing for your local machine.
Check it out:
Pinned toot
May the next decade treat you better than the last one. May the best of your past be the worst of your future. May intelligence and compassion guide you, and may the voice of reason temper your emotions. You are capable of anything - don't waste the opportunity.
Pinned toot
Incorporation is complete, I can start making noise about https://elitesec.io
For those who are looking for #pentesting #vulnerabilityassessments or just #infosec help, make sure to consider us. We're based in Canada, but happy to help whomever we can reach. Many thanks!
Times are a bit rough right now, and at EliteSec we'd like to do our part to help. If you are a SMB with less than 250 employees, we are offering a flat-fee network scan to ensure your company's WFH setup is secure.
https://elitesec.io/blog/scanning-smb-networks-during-covid-19/
JohnsNotHere
boosted
boosted
I just joined Twitch so I can participate in a free Security+ course being done by @marcusjcarey on Tuesdays and Thursdays. Unemployed people who want to change career paths should get on this. It's going to be awesome and he's going to have a bunch of hands-on stuff that can help you learn how to be a security analyst. https://www.pscp.tv/w/1mnGeQYYREoGX#
So, has anyone done any research into netflixparty.com yet? I haven't had time to dissect it yet, but I'm curious.
For those who didn't know, I started my own company called EliteSec. Here's the latest blog post I wrote up about actions to take if you find the majority of your organization working from home. Enjoy!
Are you concerned about Privacy? A good friend is working on a pretty amazing project and could use some exposure. Check out Projekt: Oni!
That should read "ONE of my only complaints". ;-)
My only complaint is the lack of logging, which makes monitoring who's connected from where a bit of a pain, but it depends on your use case.
Gotta say I"m deeply impressed by Wireguard.
New Podcast Episode - A Casual Conversation with The Cyber Mentor
Tell me a story Fediverse. Today is not a great day so far, and I'd like to hear something nice.
Very cool, I just discovered how to use Lambda@Edge on AWS to get my simple website to setup proper HTTP headers so I don't have issues with these "all-in-one" scanners that give you a letter grade for your website.
Even though I'm using a static site generator, hosting on S3, fronted by Cloudfront, it never hurts to make sure your site is passing these basic tests since you never know how your clients may evaluate you.
https://securityheaders.com/?q=elitesec.io&followRedirects=on
Hey everybody. In the interest of giving back to the community (and the fact that I *really* need to start advertising more), my company (EliteSec) has created a simple project for setting up Sonarqube to test against your own codebase.
Sonarqube is an open source static code analysis tool. I've created a simple Vagrant script that will:
1. Download an Ubuntu 18.04 VM
2. Install Docker
3. Install Sonarqube
4. Setup all routing for your local machine.
Check it out:
JohnsNotHere
boosted
boosted
The C2 Matrix currently has 35 command and control frameworks documented in a Google Sheet, web site, and questionnaire format.
https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit#gid=0
Happy Wednesday peeps.
JohnsNotHere
boosted
boosted
I can recommend this Humblebundle:
Cybersecurity 2020 by Wiley.
Don't forget to change the distribution of the money in favor of the charity ;-)
JohnsNotHere
boosted
boosted
looking for work, please boost
New Podcast Episode!
Mul-Tea-Factor with Kat Sweet
Episode 70 - Mul-Tea-Factor with Kat Sweet
https://purplesquadsec.com/episode/3fd15325affa4d66/episode-70-mul-tea-factor-with-kat-sweet
JohnsNotHere
boosted
boosted
"Fox Kitten" Campaign
Info on techniques/methods:
Pre-access/Access Tools:
VPN system vulnerabilities
A pre-access tool
Local priv esc tools
Juicy Potato, Procdump, Mimikatz, Sticky Keys, other accessibility tools settings, local admin user
Lateral movement tools:
STSRCheck, port.exe, Invoke the Hash
Backdoor/C&C tools:
POWSSHNET, socket based backdoor for socket opening, servo, Ngrok, FRP, webshells, archives (winrar, z-zip)
Summary: https://www.clearskysec.com/fox-kitten/
Full: https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign-v1.pdf
JohnsNotHere
boosted
boosted
#PSA: Visual Studio Code is actually just an amazing, free, open source project called VSCodium with microsoft telemetry (read tracking) added in.
Skip the tracking, ditch the bloat, and go straight to the source.
JohnsNotHere
boosted
boosted
Coronavirus Dashboard
- EliteSec
- https://elitesec.io
- Podcast
- https://purplesquadsec.com/
Founder of EliteSec.io, podcaster, father, and knowledge junkie. Defender of the Oxford comma and lover of good BBQ. Toots are my own, but YMMV.
Joined Aug 2018
