Reject this lame cyber dystopia.
We shape things.
Make this world yours.
They don't own you, your thoughts, your work, your life, or your ass.
All you gotta do is reject their bullshit en masse.
Fuck that. Mic check.
Just published a post on how you can set up an open source security scanner (#owasp ZED attack proxy) for your file transfer server https://www.sftpplus.com/articles/2018/sftpplus-mft-security-scan-post.html which uses HTTP(S) authentication.
You can adapt to fit your own server.
My former career was application development. 4 years ago, I crossed over to security to help partner InfoSec with AppDev. Due to a shortage in manpower, I had to concentrate on vulnerability and patch management. Happy to say I get to refocus on AppSec. I still feel like a security newbie. Eager to learn.
About the only TV I watch is #StrangerThings & #SuperNatural
Enjoy the outdoors #hiking, #kayaking
Some common "mistakes" that can compromise your Python projects:
Most of them can be automatically detected, early on, by using some tools:
I'm also a #SecularBuddhist.
I want to limit my social media usage to meaningful interactions, and this seemed a better instance than my previous two.
Here are some of my interests:
You can find stuff I've done here:
https://github.com/ThomasLeister/mastopurge exists, as a solution to time-limiting existence of toots at least on their originating server.
I am pleased to see data hygiene come up, even if "there's a German word that looks just like an English word" is a pretty hilarious gimmick (despite being accurate; it's more of a thing here).
Heard: "In terms of the cyber"
Actual: "In terms of the cipher"
Good in-depth writing: "AWS Privilege Escalation – Methods and Mitigation" by Rhino Security Labs. Covers 17
They also make exploits / tools available on their Github https://github.com/RhinoSecurityLabs/Security-Research
This post will cover our recent findings in new IAM Privilege Escalation methods – 17 in total – which allow an attacker to escalate from a compromised low-privilege account to full administrative privileges.
I'm going to be running a meeting to go over enterprise risk assessment w/ exec management. I've worked w/ them successfully for years in other realms, so I know the players & styles, but for some reason I can't seem to get much out of these meetings. What would others make sure they impart on c level & try to get out of the meeting?
@yuki_the_maven Another template is the SIG Shared Assessment. Not free.
Depending on the nature of the org & how much you like reading, these may be of interest:
Reading a few tweets that redteam is actually hard, that the attacker doesn't have an advantage. Well yeah... but blueteam is also terrible at metrics. You could never know if you have been pwned and live with it. Both jobs can be extremely frustrating and equally hard. https://t.co/0jHn3lKDg5