Scott Mortimer  

~Open Source Security Tool of the Day~

Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulnerable packages on the container. It also checks the config and Docker files for misconfigurations. This tool can be used as part of a Windows container review on local copies of the containers, and on the host itself to enhance security.

github.com/nccgroup/whalescan

0
Scott Mortimer  

"Shield is an active defense knowledge base MITRE is developing to capture and organize what we are learning about active defense and adversary engagement. Derived from over 10 years of adversary engagement experience, it spans the range from high level, CISO ready considerations of opportunities and objectives, to practitioner friendly discussions of the TTPs available to defenders."

shield.mitre.org/

0
Scott Mortimer  

~Open Source Security Tool of the Day~

gVisor provides a virtualized environment in order to sandbox containers. The system interfaces normally implemented by the host kernel are moved into a distinct, per-sandbox application kernel in order to minimize the risk of an container escape exploit. 

gvisor.dev/

0
Scott Mortimer boosted
The_Gibson{BBS88/net93/94}  

USPOL, RBG, Your Cynicism 

You cannot expect to do good without acting inside the system to triage, and working without the system to force change.

Both of these things matter.

Exercising your right to vote doesn't mean you are supporting the system, it means you are manipulating as best you can from within.

Do it.

Exercising your right to protest, and force change by holding politico's feet to the fire? Just as important.

At this point if you are of the belief that not voting is a good idea, you are either a manipulated fool, or a mouthpiece trying to disenfranchise others.

Get over your ego, and go do both.

I'm not asking you to even like it. But know how you are leveraged, and maximize your free will.

1+
Scott Mortimer  

Getting rid of the Google cookie consent popup | Daniel Lange's blog

daniel-lange.com/archives/164-

0
Scott Mortimer  
0
Scott Mortimer boosted
PhatBoi :pclinuxos: :artix:  

Secure Messaging Apps Comparison | Privacy Matters
securemessagingapps.com/

1+
Scott Mortimer boosted
Daniel Cid  

Product direction from Mozilla:

"...this decision allows us to sharpen our focus on experiences like Mozilla VPN, Firefox Monitor, and Firefox Private Network."

blog.mozilla.org/blog/2020/09/

VPN, VPN (through CloudFlare's) & EOM of haveibeenpowned?

Where is the Mozilla we used to love?

1
Scott Mortimer boosted
The_Gibson{BBS88/net93/94}  

@JohnsNotHere

Ellison is a huge supporter of Tangerine Mussolini.

1
Scott Mortimer boosted
ThinkPrivacy  

Recently, we removed Firefox Send because of security concerns and they took the service down. Today, they announced Send is dead.

We will also be removing Lockwise because Mozilla keeps killing projects after adoption, causing headaches for users.

blog.mozilla.org/blog/2020/09/

1
Scott Mortimer  

101 for lateral movement detection – Compass Security Blog

blog.compass-security.com/2020

0
Scott Mortimer  

The only Penetration testing resources you need

kalitut.com/penetration-testin

0
Scott Mortimer boosted
/DΞV/ЯДИDФM  

Love my job but this is pretty accurate.

1
Scott Mortimer  

~Open Source Security Tool of the Day~

Endlessh: an SSH tarpit

Endlessh is an SSH tarpit that very slowly sends an endless, random SSH banner. It keeps SSH clients locked up for hours or even days at a time. The purpose is to put your real SSH server on another port and then let the script kiddies get stuck in this tarpit instead of bothering a real server.

github.com/skeeto/endlessh

0
Scott Mortimer  

Bellingcat’s Online Investigation Toolkit

Welcome to Bellingcat’s freely available online open source investigation toolkit. You can follow our work on via our website, Twitter and Facebook. The list includes satellite and mapping services, tools for verifying photos and videos, websites to archive web pages, and much more. The list is long, and may seem daunting.

docs.google.com/document/d/1Bf

0
Scott Mortimer boosted
Manuel D'Orso  

"I Have Blood On My Hands": A Whistleblower Says Facebook Ignored Global Political Manipulation buzzfeednews.com/article/craig via @CraigSilverman

1
Scott Mortimer  

😳

New Windows exploit lets you instantly become admin. Have you patched?

Zerologon lets anyone with a network toehold obtain domain-controller password.

arstechnica.com/information-te

1
Scott Mortimer  

Azure Seas....

"The team is speculating that the greater reliability may be connected to the fact that there were no humans on board, and that nitrogen rather than oxygen was pumped into the capsule."

Microsoft's underwater data centre resurfaces after two years

bbc.com/news/technology-541467

0
Scott Mortimer  

Deploy a DFIR forensics lab with one script on Google Cloud Platform!

0xbanana.com/blog/one-click-fo

0
Scott Mortimer  

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics.

cheatsheetseries.owasp.org/

0
Show more

Scott Mortimer's choices:

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.

Resources

Developers

What is Mastodon?

infosec.exchange

More…