Pinned toot

Just a reminder, you can support infosec.exchange through liberapay: liberapay.com/Infosec.exchange

Thanks!

Jerry Bell boosted

Who lying more at this very moment?

Jerry Bell boosted

It's been 5 years since the Italian hacker-for-hire contractor Hacking Team had its tools stolen and dumped online. Now a China-linked hacker group is reusing the defunct company's leaked UEFI to infect the deep recesses of victims' computers.

wired.com/story/hacking-team-u

Jerry Bell boosted

Hello Fediverse, do you have any book(s) recommendation to begin in ethical hacking?

Anyone have experience with the latest Intel i9 processors in laptops? I’m thinking about buying an X1 extreme gen 3. The i9-8xxx series mobile proc seems to get some bad reviews online

Jerry Bell boosted

Save the date for the virtual Purple Team Summit on Friday, November 13, 2020.

This is a community driven event for the entire Purple Team from all levels including Executives to Students. We want to get Cyber Threat Intelligence, Red Team, Blue Team, SOC, Hunt Teams, Digital Forensics and Incident Response, and everything in between together for this free conference and workshops. More details coming soon.

The Call for Presentations is now open til October 18, 2020.

scythe.io/purple-team-summit

Jerry Bell boosted

RaspAP lets you quickly get a WiFi access point up and running to share the connectivity of many popular Debian-based devices, including the Raspberry Pi. Our popular Quick installer creates a known-good default configuration that “just works” on all current Raspberry Pis with onboard wireless. A responsive interface gives you control over the relevant services and networking options...and lots more.

raspap.com/

Jerry Bell boosted

How to properly manage ssh keys for server access :: Päpper's Coding Blog — Have fun coding.

Every developer needs access to some servers for example to check the application logs. Usually, this is done using public-private key encryption where each developer generates their own public-private key pair. The public keys of each developer are added to the authorized_keys file on each server they should have access to.

paepper.com/blog/posts/how-to-

Jerry Bell boosted

What are your most important sources for security related news? - I currently have an unstructured mess out of Twitter lists, RSS feeds and link aggregation sites.

Jerry Bell boosted
Jerry Bell boosted

Hey. Short
My name is Michael, and I like to talk about all sorts of technologies, especially security-related ones. I had been active here for a while, but a fresh start never hurts, I guess.

I am currently getting used to i3wm on Debian, work on my blog and wiki, and plan to complete some certs soon.

Some things I want to do soonish: hosting an IRC server and start coding web apps and bots in Python (Flask)

Happy to be here again.

Jerry Bell boosted

😳

New Windows exploit lets you instantly become admin. Have you patched?

Zerologon lets anyone with a network toehold obtain domain-controller password.

arstechnica.com/information-te

Jerry Bell boosted

Happy 1.6 billion seconds since Jan 1 1970 🥳

Jerry Bell boosted

I loved Pantera and Metallica when i was in high school (ack - >30 years ago!) and had a chance to listen to Metallica and felt long dormant neural pathways firing again, but damn that is some slow and boring music.

Show thread

I hate that I love As I Lay Dying’s music. Others in that genre (ABR, Parkway Drive, I Prevail, etc) are just too slow for me lately.

Anyhow, can anyone recommend music that is like AILD, but with 100% less “lead singer attempting to murder his wife”?

Jerry Bell boosted

What if The Matrix was trying to teach us about set theory?

Sorry for the downtime, all. Namebargain (my domain registrar) transferred all their domains to Register.com (namebargain’s parent company). I knew that was happening, but I missed the minor detail that THEY WOULD NUKE THE DNS SERVER RECORDS.

Anyhow, back now.

Jerry Bell boosted

could someone please explain PreLoader.efi to me? from what i could find, it seems pointless. it's a bootloader signed with microsoft secureboot keys, but it will execute any binary the user adds to its hash database, which apparently doesn't require any kind of authentication. what prevents an attacker from e. g. modifying the kernel and then adding its hash?

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.