I finally finished all 10 #KringleCon objectives. This was a hell of a lot of fun, but man alive was it difficult at times! Learned a lot though, and definitely went way outside my comfort zone. Now I feel a bit empty...
Jayson E. Street shares a familiar story from one of his #HackerAdventures, but also follows up with a not-well-known epilogue that has me in stitches!
Sigh. For all of those who raised concerns about the @tinker interview having too loud music to hear the discussion, I have taken that one down and replaced it with a non-music version. Please share and re-listen! :-) Thanks everyone, and sorry for the mistake!
With #KringleCon soon upon us, if anyone in the Fediverse is interested in joining in, Purple Squad Security has a small group of people lined up to work on it and share our experiences with each other. If you've never done a CTF, consider joining us! We do this via our Slack, which you can join via https://signup.purplesquadsec.com
That settles the #SuperMicro story by Bloomberg. Independent investigation by a third party reveals no proof of tampering by the Chinese. Bloomberg, you've published a bullshit story again #infosec #security #privacy
Purple Squad Security - Episode 45 - Holiday Special - Storytime with @tinker
Did I just record a story with @tinker ? Yes, yes I did. And now I need to find some appropriate backing tracks for our chat...
It's really amazing to see how a change of scenery can change your own personal view of your skills. Surrounding yourself with crazy smart people can kickstart those creative juices and distract you from your own imposter syndrome, if only for a few weeks. Now I'm researching Beyond Corp, osquery, and raspberry pi hacking! I just got myself an early Christmas present. 🤗
Thoughts About Counter-Forensics and Attacks on Logs
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
Building resilient C2 infra using DNS over HTTPS as a backup trigger. An example of how (and why!) to build layers and differentiation into your C2 channels. Including a cool example on hiding your payload in a robots.txt file. Blog post here: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/