JohnsNotHere 
@JohnsNotHere@infosec.exchange
- Podcast
- https://purplesquadsec.com/
#Podcaster, Father, #Infosec and knowledge junkie. Defender of the Oxford comma and lover of good BBQ. Toots are my own, but YMMV.
Joined Aug 2018
Pinned toot
Got a small #SQLi tip for those doing #KringleCon. When using -- to comment, add a space and another -. MySQL-like engines need whitespace and a character following the -- to know its a comment, and most forms trim whitespace from input values. See: http://www.mysqltutorial.org/mysql-comment/
JohnsNotHere
boosted
boosted
Reducing security risks with centralized logging https://opensource.com/article/19/2/reducing-security-risks-centralized-logging
JohnsNotHere
boosted
boosted
Got a chance to tell a story on #DarknetDiaries with Jack Rhysider.
Ep 36: Jeremy from Marketing
"A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned."
You can listen to it here: https://darknetdiaries.com/episode/36/
JohnsNotHere
boosted
boosted
Defensive Security Podcast Episode 235
https://defensivesecurity.org/defensive-security-podcast-episode-235/
Purple Squad Security - Episode 53 - #Ginfosec with @InfoSecSherpa - All About Cons!
https://purplesquadsec.com/podcast/episode-53-ginfosec-with-infosecsherpa-all-about-cons/
JohnsNotHere
boosted
boosted
Listening to @JohnsNotHere episode 27 on mental health. Great show, John!
Show John some love, everyone! https://purplesquadsec.com !
JohnsNotHere
boosted
boosted
Post-Exploitation Hunting with ATT&CK & Elastic https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1533071345.pdf
JohnsNotHere
boosted
boosted
Interactive MITRE ATT&CK Navigator http://mitre.github.io/attack-navigator/enterprise (referenced from https://infosec.exchange/@superruserr/101872146055869466) #blueteam #infosec #mitre
This one drives me nuts:
https://www.zdnet.com/article/it-professionals-think-normal-people-are-stupid/
I have worked with a few people who shared this opinion, and the answer is always the same. If you need to blame the end user, then you're not doing the job right. When I developed software, I was a fan of ensuring basic controls to avoid problems. I was often overruled in favour of more knobs, etc, to turn, which in turn caused problems. This is just more of the same. Don't blame end users, take pride in your own damn work!
So I've registered some new domains for some phishing exercises, and one of my TLDs (.us) didn't give me an option for anonymous WHOIS registration. I'm shocked at how quickly I've been spammed because of this fact. Mental note, next time fake my own WHOIS records as well!
New episode of Purple Squad Security is out now! John The Generalist, where I go solo and ramble about being a generalist within Information Security rather than a dedicated red or blue team practitioner. Listen if you like rambling.
https://purplesquadsec.com/podcast/episode-52-john-the-generalist/
Good morning #infosec world. What questions drive you today? What is the answer you are looking for? Me? I'm brushing up on my offensive fundamentals because I'm feeling unworthy and rusty.
The more you say, the less they hear. This is true when we communicate to executives, other teams, students, etc. Not everyone speaks "cyber" as they know it, and the more we drone on the less they will listen. #personalphilosophy
The latest Purple Squad Security podcast episode is here! Chris Foulon joins me for a fireside chat to talk about breaking into #infosec.
https://purplesquadsec.com/podcast/episode-51-fireside-chat-with-chris-foulon/
JohnsNotHere
boosted
boosted
#Privacy? I don't have anything to hide.
> Over the last 16 months, as I've debated this issue around the world, every single time somebody has said to me, "I don't really worry about invasions of privacy because I don't have anything to hide." I always say the same thing to them. I get out a pen, I write down my email address. I say, "Here's my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting. After all, if you're not a bad person, if you're doing nothing wrong, you should have nothing to hide." Not a single person has taken me up on that offer.
-- Glenn Greenwald in Why privacy matters - TED Talk #quotes #infosec
Do you have children? Please do me a favor and teach them cursive writing and how to use a fountain pen. I know phones and DocuSign are all the rage, but these basic skills should never die out.
JohnsNotHere
boosted
boosted
Surviorship Bias and Infosec
https://infosec.engineering/surviorship-bias-and-infosec/
Anyone have a suggestion for a good #OSINT book?
Anyone have an easy way to extract "AlternativeText" from embedded images in a Word document via Linux? Asking for a friend.
Episode 50 – Tabletop D&D with Tim De Block, Ed Rojas, Daniel Ebbutt, and Kyle Andrus
It's that time again! Yes, another Tabletop D&D episode is upon us! This time I asked Timothy de Block from the Exploring Information Security podcast to join me, along with a few interesting characters. Let's just say this particular episode is not for the faint of heart, and w
JohnsNotHere
boosted
boosted
runc container breakout PoC
https://github.com/feexd/pocs/blob/master/CVE-2019-5736/exploit.c
(via Frank Denis on birdsite)
- Podcast
- https://purplesquadsec.com/
#Podcaster, Father, #Infosec and knowledge junkie. Defender of the Oxford comma and lover of good BBQ. Toots are my own, but YMMV.
Joined Aug 2018
