Pinned toot

Times are a bit rough right now, and at EliteSec we'd like to do our part to help. If you are a SMB with less than 250 employees, we are offering a flat-fee network scan to ensure your company's WFH setup is secure.

elitesec.io/blog/scanning-smb-

Pinned toot

Hey everybody. In the interest of giving back to the community (and the fact that I *really* need to start advertising more), my company (EliteSec) has created a simple project for setting up Sonarqube to test against your own codebase.

Sonarqube is an open source static code analysis tool. I've created a simple Vagrant script that will:

1. Download an Ubuntu 18.04 VM
2. Install Docker
3. Install Sonarqube
4. Setup all routing for your local machine.

Check it out:

github.com/EliteSec-io/vagrant

Pinned toot

May the next decade treat you better than the last one. May the best of your past be the worst of your future. May intelligence and compassion guide you, and may the voice of reason temper your emotions. You are capable of anything - don't waste the opportunity.

Pinned toot

Incorporation is complete, I can start making noise about elitesec.io

For those who are looking for or just help, make sure to consider us. We're based in Canada, but happy to help whomever we can reach. Many thanks!

This project was a lot of fun, as it had all the elements: hardware, software, sysadmin, installation, training. For the techno-phobic family who got the system, the bar was very low and ultimately acceptable to them. Not going to put Facebook Portal out of business anytime soon, but it's a nice trade-off all things considered.

Show thread

My home-brew video conferencing on a budget worked out well. Total cost? Under $200 CAD for the RPi4, case, PS, 1080p camera with shutter, and media keyboard. Likely could have saved on the camera and keyboard, but quality wins out here. The reaction with the family once they could see the rest of us without having to leave their living room seats? Priceless.

Had a family member buy a TV thinking it could run Zoom natively (not tech savvy, it's a Roku-based TV). Rather than pointing out the flaw, I worked on setting up a spare Pi4 that I had lying around to auto-start Chromium in kiosk mode with a link to meet.google.com. Privacy be damned when ease of use is king. Combined with a wireless media keyboard and webcam, and now that TV set is a fully functioning video conference rig on a budget. It impressed my wife at least.

I want to try an experiment. Put up a zoom invite on Twitter, no context, and see how long it takes to get Zoom bombed. Then repeat with the Fediverse.

I attended a local chamber of commerce networking event the other week, which led me to being invited to another group's meetup as a "visitor". Did some digging after I found their invitation email somewhat ... disturbing. After about 2 minutes of Googling, I declined and said I have no interest in joining. Man alive, there is literally a cult for every facet of life, isn't there?

I think the biggest thing is how numb I am to the whole thing. I mean, I'd beat the guy to an inch of his life if it's true, but I'm not as she'll shocked as others. We security folk know to be level headed and calm during calamities, but this even surprises me. Am I so jaded?

Show thread

Found out an old work friend was charged with a horrible crime. I'm still in shock given how 'normal' he was, for all that means. My wife asked if we were close. I try to get close to everyone I work with unless you give me a reason not to. I'm in shock, and not sure how to respond. I believe in innocent until proven guilty, but they _named_ him. This isn't something that you can bounce back from.

Catching up with Castlevania on Netflix. Pretty good show I must admit.

Anyone have more insight on this Big Sur fiasco? What about developers writing their own code on macOS? Will they need a special license for Python apps, custom Java or Rust apps? What about Go, which is compiled? I know a lot of teams that use Macbook Pro's for their dev teams, and this smells of a huge trap if this is the case.

h/t: @kyle

Anyone have a decent git dumping tool? I've tried git-dumper, and the tools from GitTools, but I'm running into "dead" files. And no, I can't just clone using wget, I tried. Damn Node.js Express server and their default routes are messing up my dumps.

Emotional Support Canadians are available for those in the Fediverse from the US who need a patient ear.

uspol 

Vote safely my US friends, the rest of the world is watching. Show us why you are a beacon for democracy in the world, and don't give the dictators the satisfaction of pointing to you and saying "See?! Do you really want to be like them?"

Who has bandwidth to do a white paper review for me? Looking for those who offer penetration testing as well as those who purchase penetration testing services.

Good morning to you all circling the void along with me!

Case in point with eLearnSecurity:

Originally the Pen Tester Extreme (PTX) course was $1,799 USD for the "Elite" course, which included 120 hours for the lab as well as an exam voucher. Unlimited lab access was another $399, so $2,198 in total. Now you get "full" access for $1,999 for a year, plus $400 for the exam voucher. That's an extra $201 compared to what it would have been "a la carte".

If you do 2 or more certs per year, then maybe, but for a single cert it's a hike in price.

Show thread

eLearnSecurity has merged with INE for their courses. On the surface this seems like a good thing, but digging deeper you need to do at least 2-3 certs per year to make it worth it under the new model compared to the old one. Colour me unimpressed, but it's still cheaper than anything SANS has to offer.

I like SANS, I know a bunch of the instructors from my time with podcasting, but holy hell are those prices inflated. I may just go back to OffSec.

~Open Source Security Tool of the Day~

A modern behavior detection system, written in Go. It stacks on Fail2ban's philosophy, but uses Grok patterns & YAML grammar to analyse logs, a modern decoupled approach (detect here, remedy there) for Cloud/Containers/VM based infrastructures. Once detected you can remedy threats with various bouncers (block, 403, Captchas, etc.) and the blocked IPs are shared among all users to further improve their security.

github.com/crowdsecurity/crowd

I have completed my contract with a marketing firm to help get the word out for EliteSec. After spending ~$400 on LinkedIn ads with zero clicks, I'm starting to wonder if I'm doing this wrong. I don't expect miracles, but I would have hoped for at least one lead.

Next step is to use Sales Navigator and see if I can socially engineer my way into some target markets.

Thank the gods it's Friday, unlike that false Friday yesterday that threw me into a rage.

It's one of those days where I have a million thoughts on what to do, yet having a hard time nailing down what to start with. Too much uncertainty in the world in general, and my own orbit specifically, to make heads or tails of things. May need a mental health day.

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.