With #KringleCon soon upon us, if anyone in the Fediverse is interested in joining in, Purple Squad Security has a small group of people lined up to work on it and share our experiences with each other. If you've never done a CTF, consider joining us! We do this via our Slack, which you can join via https://signup.purplesquadsec.com
That settles the #SuperMicro story by Bloomberg. Independent investigation by a third party reveals no proof of tampering by the Chinese. Bloomberg you've published a bullshit story again #infosec #security #privacy
Purple Squad Security - Episode 45 - Holiday Special - Storytime with @tinker
Did I just record a story with @tinker ? Yes, yes I did. And now I need to find some appropriate backing tracks for our chat...
It's really amazing to see how a change of scenery can change your own personal view of your skills. Surrounding yourself with crazy smart people can kickstart those creative juices and distract you from your own imposter syndrome, if only for a few weeks. Now I'm researching Beyond Corp, osquery, and raspberry pi hacking! I just got myself an early Christmas present. 🤗
Thoughts About Counter-Forenics and Attacks on Logs
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
Building resilient C2 infra using DNS over HTTPS as a backup trigger. An example of how (and why!) to build layers and differentiation into your C2 channels. Including a cool example on hiding your payload in a robots.txt file. Blog post here: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/
Question for the bloggers out there. I'm looking for a nice, simple, hosted blog system for my static site. No desire to mess around with static pages, etc, and I don't want to go with Wordpress. Free would be best, but if it's reasonable I'm willing to subscribe. Leaning towards Medium, but I'm not a fan of their "limit of 3 articles per month" model for readers. Thoughts/suggestions?
NCSAM Day 19: The Importance of Learning Offensive Tactics
Got to speak at my local library tonight about #cybersecurityawarenessmonth. 5 people in total, 4 in their 60s. It was more rewarding than speaking to a group of 500 infosec professionals because I got to share information that people didn't know. They were all pretty sharp, and were more savvy than I thought. Remember, we want to help secure the world, so start with those who are willing to learn, regardless of their age.
I've been trying to move into an offensive role, mainly due to the lack of challenge/direction in my present role. A friend accused me of being picky because I turned down roles that are similar to what I've done but don't honestly interest me because it's mostly around policy, documentation, and enforcement. When is the search for a challenge being picky?
Mastadon is like the lazy river of social media
Thanks @jerry, this is nice. I only have mild impostor syndrome here, but far less rage and disgust. 😊
Here is Patrick Gray’s most excellent special recording regarding the Bloomberg Supermicro/Apple/Amazon debacle: https://risky.biz/RB517_feature/
@InfoSecSherpa and I may not have gone to DerbyCon, but we had our own fun talking about Cyber Security Awareness Month: https://purplesquadsec.com/podcast/episode-41-cyber-security-awareness-month-with-tracy-maleeff/ #ginfosec #inforum
Podcaster, Father, Infosec and knowledge junkie. Defender of the Oxford comma and lover of good BBQ. Toots are my own, but YMMV.
A Mastodon instance for info/cyber security-minded people.