Scott Mortimer

~Open Source Security Tool of the Day~

Arkime (formerly Moloch) is a large scale, open source, indexed packet capture and search system.Arkime augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting.

github.com/arkime/arkime

0
Scott Mortimer
1
Scott Mortimer

Rookie coding mistake prior to Gab hack came from site’s CTO

Site executive introduces, then removes, insecure code, then hides the evidence.

arstechnica.com/gadgets/2021/0

1
Scott Mortimer boosted
Stainless Steel Coyote

Never before has a single drawing so accurately defined how I feel about work.

0
Scott Mortimer boosted
Eugen

Just to reiterate in relation to Gab getting hacked, I’m not aware of any vulnerabilities in Mastodon at the moment and based on what I have seen in their code modifications the vulnerabilities they have are the ones they themselves introduced (along with never porting security patches from us)

1+
Scott Mortimer

Hahahaha..."a social network that champions free speech, individual liberty and the free flow of information online”...yep, the information is flowing freely. 😀

Hack of Gab Social Network

threatpost.com/hacktivists-gab

0
Scott Mortimer

Quick Poll: What should I use for my new personal knowledge management system?

36 people · Mar 02, 2021, 21:15
1+
Scott Mortimer

Reddit is really a shitty place. 💩

1+
Scott Mortimer boosted
Fipaddict
1
Scott Mortimer boosted
Daniel Cid

Blame the intern...

edition.cnn.com/2021/02/26/pol

If an intern with a bad password can do damage to your company, you have serious issues.

1
Scott Mortimer

password or the host’s SSH keys."

crowdstrike.com/blog/carbon-sp - 2/2

Show thread
0
Scott Mortimer

ESXinsidious

"In order to compromise ESXi devices, SPRITE SPIDER attempts to harvest credentials that can be used to authenticate to the vCenter web interface. SPRITE SPIDER uses PyXie’s LaZagne module to recover vCenter credentials stored in web browsers, and also runs Mimikatz to steal credentials from host memory. After authenticating to vCenter, SPRITE SPIDER enables SSH to permit persistent access to ESXi devices. In some cases, the adversary will also change the root account - 1/2

1
Scott Mortimer

I have always admired the quote from Bruce Schneier about complexity being the worst enemy of security. If even the network defenders cannot readily understand the architecture, than mounting a proper defense is a lost cause.

Stop Being Proud of Complexity | Daniel Miessler

danielmiessler.com/blog/stop-b

0
Scott Mortimer boosted
Andy Thompson

Yo! $DayJob is looking for to recruit security researchers, developers, engineers team leaders and more to join the team. Seriously...hit me up and I can give you more intel.

1+
Scott Mortimer boosted
Parade du Grotesque 💀

Praise Cthulhu, it's Friday, my dudes and dudettes! (*)

(*) Replace "dudes and dudettes" with gender appropriate salutations as needed.

1
Scott Mortimer

"As social media giants like Facebook, YouTube, Reddit, and Twitter try to oust extremists, and web-hosting services toss some of the biggest propaganda purveyors like Parler, the quickly growing Telegram platform is becoming an alternative hub for disinformation."

justsecurity.org/74947/telegra

0
Scott Mortimer

If your password manager, banking or payment platform doesn't use 2FA, find alternatives.

Show thread
0
Scott Mortimer

List of websites and whether or not they support Two-Factor Authentication

2fa.directory/

1
Scott Mortimer boosted
☆ Dmitri ☭

I'm dying 😂

1+
Scott Mortimer

"Developers and Open Source authors now have a massive amount of services offering free tiers, but it can be hard to find them all to make informed decisions.

This is a list of software (SaaS, PaaS, IaaS, etc.) and other offerings that have free tiers for developers."

free-for.dev/

0
Show older

Scott Mortimer's choices:

osstotd

128
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.

Resources

Developers

What is Mastodon?

infosec.exchange

More…