So if someone made a podcast about security that's aimed at the C-Level, would you listen to it? Not the usual deep, technical, jargon but rather aimed at executives. No news, just best practices.

Please boost for maximum coverage.

Hey everybody. In the interest of giving back to the community (and the fact that I *really* need to start advertising more), my company (EliteSec) has created a simple project for setting up Sonarqube to test against your own codebase.

Sonarqube is an open source static code analysis tool. I've created a simple Vagrant script that will:

1. Download an Ubuntu 18.04 VM
2. Install Docker
3. Install Sonarqube
4. Set up all routing for your local machine.

Check it out:

github.com/EliteSec-io/vagrant
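As an added example (this is not the Vagrantfile from the EliteSec-io/vagrant repository linked above), here is a Vagrantfile that performs the four steps in that list: an Ubuntu 18.04 box, Docker installed by a shell provisioner, SonarQube started as a container, and a host port forward to the VM. The box name, port numbers, memory size and image tag are my assumptions, not values from the post.

```ruby
# Vagrantfile (added example, not the EliteSec-io/vagrant project's own file)
# Assumptions not taken from the post: box name, ports, memory, image tag.

BOX          = "ubuntu/bionic64"          # Ubuntu 18.04, as in the post
SONAR_PORT   = 9000                       # host port (SonarQube's default web port)
SONAR_IMAGE  = "sonarqube:lts-community"  # assumed image tag
VM_MEMORY_MB = 4096                       # SonarQube bundles Elasticsearch; give it RAM

# Shell provisioner: installs Docker from Ubuntu's repo, applies the kernel
# limits SonarQube's embedded Elasticsearch needs, and starts the container
# with a named volume so analysis data survives `vagrant reload`.
def provision_script
  <<~SHELL
    set -eu
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y docker.io
    systemctl enable --now docker
    usermod -aG docker vagrant
    # Elasticsearch refuses to start below these limits; persist them too
    sysctl -w vm.max_map_count=524288
    sysctl -w fs.file-max=131072
    printf 'vm.max_map_count=524288\\nfs.file-max=131072\\n' > /etc/sysctl.d/99-sonarqube.conf
    docker volume create sonarqube_data
    docker rm -f sonarqube 2>/dev/null || true
    # Bind on all guest interfaces: the VM is the isolation boundary here,
    # and VirtualBox NAT forwarding does not reach a guest-side 127.0.0.1 bind.
    docker run -d --name sonarqube --restart unless-stopped \\
      -p 9000:9000 \\
      -v sonarqube_data:/opt/sonarqube/data \\
      #{SONAR_IMAGE}
  SHELL
end

# Host-to-guest port forwards. Binding the host side to 127.0.0.1 keeps the
# SonarQube UI (initially admin/admin) reachable only from your own machine.
def forwarded_ports
  [{ guest: 9000, host: SONAR_PORT, host_ip: "127.0.0.1" }]
end

# Guard so the file also loads as plain Ruby; under `vagrant up` it is always true.
if defined?(Vagrant)
  Vagrant.configure("2") do |config|
    config.vm.box      = BOX
    config.vm.hostname = "sonarqube"
    forwarded_ports.each do |fp|
      config.vm.network "forwarded_port",
                        guest: fp[:guest], host: fp[:host], host_ip: fp[:host_ip]
    end
    config.vm.provider "virtualbox" do |vb|
      vb.memory = VM_MEMORY_MB
      vb.cpus   = 2
    end
    config.vm.provision "shell", inline: provision_script
  end
end
```

After `vagrant up`, the UI is at http://127.0.0.1:9000 on the host; change the default admin password before pointing a scanner at it, since the forward is deliberately limited to loopback rather than your LAN.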

Incorporation is complete, I can start making noise about elitesec.io

For those who are looking for or just help, make sure to consider us. We're based in Canada, but happy to help whomever we can reach. Many thanks!

Fingers crossed that this week ends up being a good one.

I'm arguing with someone at work about the use of a new DNS proxy, and the fact that I'm blocking porn. I'm about ready to tell him to go ask the CEO for permission to watch porn on his company-owned computer, and if he approves it, I'll remove the block.

Podcasters are not journalists, we don't have to protect our sources. Plus some of the logic jumps and arguments in this episode were just too much for me.

I've unsubscribed from Darknet Diaries. I've never been a Patreon supporter, but if I were then I would have been crazy pissed off about this.

Everyone is free to decide what they find acceptable for content, but this one was just too much for me. /fin

Being a hacker is all about exploring boundaries and challenging norms. I do draw the line at hacks and such that cause harm to everyday people, and I sure as hell have no patience when it comes to hurting innocents like children.

This "porn trader" fits that "out of bounds" definition. I don't care if he's just trading it; he's *enabling* it. Telling them to just get rid of the evidence makes you an accessory, so WTF?!

Surely this guy is going to prison, right? That's why Jack is speaking with him now? Nope. This guy reached out to Jack asking what to do, because he suddenly had grown a conscience and wanted to know what to do. See, he's a porn collector, and he just happened to collect some CP as well. What does Jack say to do? Delete it and just stop dealing with it, and act as if it never happened.

No Jack, some lines should never be crossed. EVER.

Fun fact - I applied to work at Kik as a Security Engineer back in 2018. I ultimately turned them down, but I thought this was interesting.

The guests were the usual mix of hackers or other underground individuals, but there was a difference with one of them. Jack altered his voice, which was a first as far as I can recall. Why?

Well, later in the episode you hear that this guy was also trading in this illicit material. Not producing, but distributing.

I've had some issue with Jack in the past with the way he draws conclusions on some of his stories, but this latest one was just mind boggling to me.

Before I get into it, I want it to be known that I was a huge fan of the show, having listened to it since the first episode and recommending it to friends and family for some of the great stories, but not any longer.

The latest episode dealt with Kik, an IM app, and how prolific child porn was on the platform.

So time for a mini rant. Unix_guru, aka Michael Ball, has been arrested and charged with quite a few things related to child pornography. I recently had a former colleague who did the same thing. I'm not going to go into the whole "monsters under our noses" thing as I knew both and never suspected a thing from either. No, this is a different rant.

Listening to the latest episode of Darknet Diaries, I have decided to unsubscribe and express my disappointment in the host, Jack Rhysider.

Repeat after me - Use of biometrics alone does not replace a password and another factor. Biometrics alone is still single-factor, and while arguably stronger than just a password, swapping a single factor of authentication for another does not trump proper multi-factor authentication.

At HackNotice, we get support requests to hack into accounts all the time. My ex's Facebook, this girl's IG, etc. My favorite came in today - a student asked us to hack into their school district network. I'm sure this being finals/end of semester has nothing to do with the timing.

To anyone in , it's a known fact that we need to constantly read up on the latest TTPs that attackers use to protect against them, but it's equally important to offensive-focused folks (pentesters, red teamers, etc.) to do the same. I have been lazy and lost my relatively good ranking on TryHackMe because I wasn't keeping up. I will now find the time to rectify this issue. Remember, is a field where everything moves quick, so best to try to keep up.

I'm spending the weekend cleaning out my garage and one of the spare rooms. Any concerns about filling a 14-yard container were thrown out the window. Now the question turns into whether or not I have enough room left in it for the last few items. 😛

But I will say, taking a break from technology and everything has been a nice break. Very therapeutic to toss crap I haven't touched in 10+ years.

Oh, and spending 3 days moving a bunch of content and re-writing parts of a website while watching Netflix and YouTube videos is one hell of an endorsement for Hugo, my static site generator of choice. Aside from some VERY basic metadata updates and some CSP rule cleanup, it was nigh painless. I'm truly amazed, and I love how easy it is to maintain.

Time to break the silence. I've spent the weekend updating my theme for EliteSec to a new one, and I also re-wrote some services pages to make them a bit more "marketable". I've only done some basic spell checks, no grammar checks yet, but I'd appreciate any feedback if someone has time:

elitesec.io/

TIA!

tl;dr - was invited to a "business cult" a second time, but I declined. Damn people are persistent.

Also, business networking cults are a thing, and they're insane.

Needless to say, I said no the first time. Today's invitation was much more "persistent", to the point that I'm not responding any further. I'm sorry, but any "networking" group that charges you a membership fee and requires you to be on the lookout for new members is not a business networking group, it's a cult. Now go do a search for "BNI cult". Enjoy the readings!

I joined my local chamber of commerce's networking event today. Again I was approached to join BNI, another networking group. Have you never heard of BNI? Neither did I until I was asked the first time, then I looked them up. Go do it now, I'll wait.

The best part of finishing an engagement is preparing for the next one. And by preparing, I mean figuring out what I let slide while I was working on this engagement.

Hello Fediverse, anything interesting happening? Tell me of your weekly exploits.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.