JohnsNotHere 
@JohnsNotHere@infosec.exchange
- Podcast
- https://purplesquadsec.com/
Podcaster, Father, Infosec and knowledge junkie. Defender of the Oxford comma and lover of good BBQ. Toots are my own, but YMMV.
Joined Aug 2018
With #KringleCon soon upon us, if anyone in the Fediverse is interested in joining in, Purple Squad Security has a small group of people lined up to work on it and share our experiences with each other. If you've never done a CTF, consider joining us! We do this via our Slack, which you can join via https://signup.purplesquadsec.com
JohnsNotHere
boosted
boosted
That settles the #SuperMicro story by Bloomberg. Independent investigation by a third party reveals no proof of tampering by the Chinese. Bloomberg you've published a bullshit story again #infosec #security #privacy
https://techcrunch.com/2018/12/11/supermicro-says-investigation-firm-found-no-spy-chips/amp/?__twitter_impression=true
Purple Squad Security - Episode 45 - Holiday Special - Storytime with @tinker
https://purplesquadsec.com/podcast/episode-45-holiday-special-storytime-with-tinker/
Did I just record a story with @tinker ? Yes, yes I did. And now I need to find some appropriate backing tracks for our chat...
Oh! Hi Mastodon, I didn't see you there for a minute. Let me just sit down and relax for a bit. It's so much more sane here...
It's really amazing to see how a change of scenery can change your own personal view of your skills. Surrounding yourself with crazy smart people can kickstart those creative juices and distract you from your own imposter syndrome, if only for a few weeks. Now I'm researching Beyond Corp, osquery, and raspberry pi hacking! I just got myself an early Christmas present. 🤗
JohnsNotHere
boosted
boosted
Thoughts About Counter-Forenics and Attacks on Logs
https://infosec.engineering/thoughts-about-counter-forenics-and-attacks-on-logs/
pi-hole has been successfully installed and setup as my local DNS server. Now I wait to see who notices.
I'm looking at alternative hobbies to take my mind off of infosec. I do a bit of macrame, and I'm now leaning towards trying leather craft. What do you do as an alternative to your day job?
JohnsNotHere
boosted
boosted
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
https://www.darkreading.com/vulnerabilities---threats/benefits-of-dns-service-locality/a/d-id/1333088
JohnsNotHere
boosted
boosted
RT @xychix@twitter.com
Building resilient C2 infra using DNS over HTTPS as a backup trigger. An example of how (and why!) to build layers and differentiation into your C2 channels. Including a cool example on hiding your payload in a robots.txt file. Blog post here: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/
Question for the bloggers out there. I'm looking for a nice, simple, hosted blog system for my static site. No desire to mess around with static pages, etc, and I don't want to go with Wordpress. Free would be best, but if it's reasonable I'm willing to subscribe. Leaning towards Medium, but I'm not a fan of their "limit of 3 articles per month" model for readers. Thoughts/suggestions?
JohnsNotHere
boosted
boosted
NCSAM Day 19: The Importance of Learning Offensive Tactics
https://infosec.engineering/ncsam-day-19-the-importance-of-learning-offensive-tactics/
Got to speak at my local library tonight about #cybersecurityawarenessmonth. 5 people in total, 4 in their 60s. It was more rewarding than speaking to a group of 500 infosec professionals because I got to share information that people didn't know. They were all pretty sharp, and were more savvy than I thought. Remember, we want to help secure the world, so start with those who are willing to learn, regardless of their age.
I've been trying to move into an offensive role, mainly due to the lack of challenge/direction in my present role. A friend accused me of being picky because I turned down roles that are similar to what I've done but don't honestly interest me because it's mostly around policy, documentation, and enforcement. When is the search for a challenge being picky?
Mastadon is like the lazy river of social media
Thanks @jerry, this is nice. I only have mild impostor syndrome here, but far less rage and disgust. 😊
JohnsNotHere
boosted
boosted
Of all the companies in the world, the one I would least like to put a camera and microphone in my home is Facebook.
(And yes, I’m including you YouPorn)
JohnsNotHere
boosted
boosted
Here is Patrick Gray’s most excellent special recording regarding the Bloomberg Supermicro/Apple/Amazon debacle: https://risky.biz/RB517_feature/
@InfoSecSherpa and I may not have gone to DerbyCon, but we had our own fun talking about Cyber Security Awareness Month: https://purplesquadsec.com/podcast/episode-41-cyber-security-awareness-month-with-tracy-maleeff/ #ginfosec #inforum
- Podcast
- https://purplesquadsec.com/
Podcaster, Father, Infosec and knowledge junkie. Defender of the Oxford comma and lover of good BBQ. Toots are my own, but YMMV.
Joined Aug 2018
