Pinned toot

Times are a bit rough right now, and at EliteSec we'd like to do our part to help. If you are a SMB with less than 250 employees, we are offering a flat-fee network scan to ensure your company's WFH setup is secure.

elitesec.io/blog/scanning-smb-

Pinned toot

Hey everybody. In the interest of giving back to the community (and the fact that I *really* need to start advertising more), my company (EliteSec) has created a simple project for setting up Sonarqube to test against your own codebase.

Sonarqube is an open source static code analysis tool. I've created a simple Vagrant script that will:

1. Download an Ubuntu 18.04 VM
2. Install Docker
3. Install Sonarqube
4. Setup all routing for your local machine.

Check it out:

github.com/EliteSec-io/vagrant

Pinned toot

May the next decade treat you better than the last one. May the best of your past be the worst of your future. May intelligence and compassion guide you, and may the voice of reason temper your emotions. You are capable of anything - don't waste the opportunity.

Pinned toot

Incorporation is complete, I can start making noise about elitesec.io

For those who are looking for or just help, make sure to consider us. We're based in Canada, but happy to help whomever we can reach. Many thanks!

Times are a bit rough right now, and at EliteSec we'd like to do our part to help. If you are a SMB with less than 250 employees, we are offering a flat-fee network scan to ensure your company's WFH setup is secure.

elitesec.io/blog/scanning-smb-

I just joined Twitch so I can participate in a free Security+ course being done by @marcusjcarey on Tuesdays and Thursdays. Unemployed people who want to change career paths should get on this. It's going to be awesome and he's going to have a bunch of hands-on stuff that can help you learn how to be a security analyst. pscp.tv/w/1mnGeQYYREoGX#

So, has anyone done any research into netflixparty.com yet? I haven't had time to dissect it yet, but I'm curious.

For those who didn't know, I started my own company called EliteSec. Here's the latest blog post I wrote up about actions to take if you find the majority of your organization working from home. Enjoy!

elitesec.io/blog/all-working-f

Are you concerned about Privacy? A good friend is working on a pretty amazing project and could use some exposure. Check out Projekt: Oni!

home.oniprojekt.ninja

My only complaint is the lack of logging, which makes monitoring who's connected from where a bit of a pain, but it depends on your use case.

Show thread

Tell me a story Fediverse. Today is not a great day so far, and I'd like to hear something nice.

Very cool, I just discovered how to use Lambda@Edge on AWS to get my simple website to setup proper HTTP headers so I don't have issues with these "all-in-one" scanners that give you a letter grade for your website.

Even though I'm using a static site generator, hosting on S3, fronted by Cloudfront, it never hurts to make sure your site is passing these basic tests since you never know how your clients may evaluate you.

securityheaders.com/?q=elitese

Hey everybody. In the interest of giving back to the community (and the fact that I *really* need to start advertising more), my company (EliteSec) has created a simple project for setting up Sonarqube to test against your own codebase.

Sonarqube is an open source static code analysis tool. I've created a simple Vagrant script that will:

1. Download an Ubuntu 18.04 VM
2. Install Docker
3. Install Sonarqube
4. Setup all routing for your local machine.

Check it out:

github.com/EliteSec-io/vagrant

looking for work, please boost 

"Fox Kitten" Campaign

Info on techniques/methods:

Pre-access/Access Tools:
VPN system vulnerabilities
A pre-access tool

Local priv esc tools
Juicy Potato, Procdump, Mimikatz, Sticky Keys, other accessibility tools settings, local admin user

Lateral movement tools:
STSRCheck, port.exe, Invoke the Hash

Backdoor/C&C tools:
POWSSHNET, socket based backdoor for socket opening, servo, Ngrok, FRP, webshells, archives (winrar, z-zip)

Summary: clearskysec.com/fox-kitten/
Full: clearskysec.com/wp-content/upl

#PSA: Visual Studio Code is actually just an amazing, free, open source project called VSCodium with microsoft telemetry (read tracking) added in.

Skip the tracking, ditch the bloat, and go straight to the source.

vscodium.com/

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.