RT @ORARiccardo@twitter.com
"Dance like no one is watching, encrypt like everyone is." I spoke with @edok_lotosov@twitter.com about the TransCyberian CryptoParty events vice.com/it/article/vb5xbd/tra

RT @Secjuice@twitter.com
Security researcher and OSINT practitioner @n0mad42@twitter.com has put together this awesome beginner guide to detecting firewalls and gateways.


Working on compiling a Ryuk/Grim Spider layer for the MITRE ATT&CK navigator, based on available OSINT, in case anyone wants to help out.

~Open Source Security Tool of the Day~

Nebulo is a free, open-source, non-root and small sized DNS changer utilizing dns-over-https and dns-over-tls to bring privacy and security to your phone.
It is fast, contains no ads or tracking and offers a lot of flexibility.


Blog post: CVE-2019-10392 — Yet Another 2k19 Authenticated Remote Command Execution in Jenkins - iwantmore.pizza/posts/cve-2019
Reading: 3 min
Published: 09/12/2019

Getting started with the "semantic wiki for threat intel" project:

Name's SemanCTI, still empty for now but I'll try to put up sample pages with some real intel.

As cybersecurity issues have mounted, dual-use technologies have proliferated. These technologies can be used for legitimate and socially beneficial purposes. However, they can also undermine human rights depending on how they are deployed. For example, network traffic management technology such as deep packet inspection (DPI) and Internet filtering tools can be used legitimately for traffic management.


RT @philvenables@twitter.com
Vulnerability Management. A thread.

I don’t see much written on vulnerability management in more holistic terms vs. patch/bug fixing. This might be ok given a lot of vuln. mgmt. should be contextualized into enterprise risk/control. But still worth a short thread.......


DEF CON 26 - Andrea Marcelli - Looking for the perfect signature an automatic YARA rules

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.