MalachiteOS is a user on infosec.exchange. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

MalachiteOS @malachiteOS@infosec.exchange

"Your gut instinct is all your life experiences telling you what's up. Trust that."

"Every conversation is predicated on the idea that we are here to listen first, and speak second."

"Don't be content knowing someone else is wrong. Be able to explain in detail why they're wrong."

"If someone calls you out, listen and ask questions. A lot of time they're just an asshole. Sometimes you're just an idiot."

Valuable life lessons. Introspection, critical thinking, open-mindedness.

We did not have the knowledge to make that theoretical attack material. That classmate is one of the most clever people I have met.

It is hard to assign a value to the ability to think outside the box. Pull together all the things you have ever learned and attempting to draw lines between disparate points.

I learned a lot from them.

A classmate of mine workshopped that IPv6 attack in a basic networking class years ago. An offhand remark that Windows preferred IPv6 when available lead to dropping just dropping an IPv6 router. They realized that would be unstable. We landed on the idea of selective DNS attacks.

This attack/tool is mature and uses knowledge we did not have. Still, interesting how far ahead that friend was. Thinking like an attacker since day one.

The mature attack here: blog.fox-it.com/2018/01/11/mit

MalachiteOS boosted
MalachiteOS boosted

Every once in a while I will remember that Uber had a black ops security team and was stupid enough to put them on the books.

If you plan on committing crimes on behalf of anyone, or paying someone to commit crimes on your behalf, make sure the first criminal you employ is a money launderer so that your crimes do not show up on your payroll.

MalachiteOS boosted

Out of curiosity, is anyone working on u2f (I.e. yubikey and similar) integration? I know there's TOTP, mind, but the issue (#562) I found on GitHub has no comments.

Otherwise I might have a project to add to my excessively large project pile...

I might as well post this here. I wrote a medium post about creating online identities and how I manage mine.

medium.com/@malachiteOS/who-am

I am vaguely attached to . I have tried mastodon before but it didn't stick. Trying again now.