!hannah 🦄(@infosec.exchange) is a user on infosec.exchange. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

!hannah 🦄(@infosec.exchange) @superruserr@infosec.exchange

So basically to get Pleroma to federate with Tor instances, you just need to add one line in your config:
config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}

Super simple.
Maybe the guide should start with that :blobthinking:
Wrote a guide for federating with Tor instances / creating them with Pleroma. It's now in the Pleroma wiki.
Hopefully more people will try this out and make it feasable for others to open up Tor-only instances.

"Pleroma's goal is to empower the people and let as many as possible host an instance with as little resources as possible, the ability to host an instance with a small, cheap computer like a RaspberryPi along with Tor, would be a great way to achieve that."


https://git.pleroma.social/pleroma/pleroma/wikis/Easy%20Onion%20Federation%20(Tor)

Currently looking for people from #tech and #infosec backgrounds to follow to make this account actively usable

if anyone has any recommendations, please let me know

How do you protect what you don’t know? You don’t.

aboutdfir.com/cloud-exposure-d

Reject this lame cyber dystopia.

We shape things.

Make this world yours.

They don't own you, your thoughts, your work, your life, or your ass.

All you gotta do is reject their bullshit en masse.

Fuck that. Mic check.

Just published a post on how you can set up an open source security scanner (  ZED attack proxy) for your file transfer server sftpplus.com/articles/2018/sft which uses HTTP(S) authentication.

You can adapt to fit your own server.

@gilscottfitzgerald for their bio in particular:

> I'm a fan of non-hierarchical organization and a cybersecurity treehugger.

Hello all,
My former career was application development. 4 years ago, when I crossed over to security to help partner InfoSec with AppDev. Due to shortage in manpower I had to concentrate on vulnerability and patch management. Happy to say I get to refocus on AppSec. I still feel like a security newbie. Eager to learn.



About the only TV I watch is &
Enjoy the outdoors ,

I'm a self-taught #SoftwareEngineer that is now trying to jump into the #infosec industry.

I'm also a #SecularBuddhist.

I want to limit my social media usage to meaningful interactions, and this seemed a better instance than my previous two.

Here are some of my interests:

#glitchart
#pixelart
#netart
#bots
#cyberpunk
#webdev
#decentralization
#infosec
#security
#privacy
#meditation
#buddhism
#coffee
#tea

You can find stuff I've done here:
0x4464.github.io

#introduction

github.com/ThomasLeister/masto exists, as a solution to time-limiting existence of toots at least on their originating server.

I am pleased to see data hygiene come up, even if "there's a german word that looks just like an english word" is a pretty hilarious gimmick (despite being accurate; it's more of a thing here).

Heard: "In terms of the cyber"

Actual: "In terms of the cipher"

Good in-depth writing: "AWS Privilege Escalation – Methods and Mitigation" by Rhino Security Labs. Covers 17

rhinosecuritylabs.com/aws/aws-

They also make exploits / tools available on their Github github.com/RhinoSecurityLabs/S

----

Excerpt:

This post will cover our recent findings in new IAM Privilege Escalation methods – 17 in total – which allow an attacker to escalate from a compromised low-privilege account to full administrative privileges.

and I want to emphasize this about the scale we're talking.

you don't need an internet connection to build a distributed social network with Pleroma. you can go off the grid, and have a fully autonomous social and communication infrastructure, just on a mesh network with some raspberry pis, and connect it to the internet if you want to or not.

that's possible right now.
so what is Pleroma about anyway?

in a nutshell, it's about autonomy. it's about social media autonomy for every person on the planet. all 7.6 billion of us. nobody else telling us to do, what to say, and nobody else forcing us to see things we don't want to see.

this means Pleroma is being built for an entirely new scale of fediverse: one with billions of nodes. it's also why Pleroma supports alternative transports such as TOR and I2P out of the box.

it also is a major differentiator between Pleroma and Mastodon. in the Mastodon model, there's maybe a few million islands which host a few thousand people each. to contrast, in our model, everyone who wants to host their own instance does so. that means everyone can choose to have total social media freedom.

but it's not just social media, we also intend to use the same underlying tech to enable real-time communications with the same capabilities as the social media side of things.

and it's universal: different frontends for different preferences. like Mastodon but don't have the resources to run it? use Pleroma with Mastodon frontend and apps. like GNU social? Pleroma's default frontend was modelled after it. like diaspora* but want to talk to your fediverse friends? use Feather. like the alternative Mastodon frontends like Pinafore and Brutaldon? they work too.

hate spam and harrassment? we have a mostly as yet untapped framework called MRF which can be leveraged to automate moderation of an instance.

want to modify it? drop by #pleroma on freenode and we help with that too.
@staticsafe Time to consider Pleroma then. I'm hosting mine on a 2.5$ vps ^^

(or consider moving to a different, cheaper host)

Soliciting suggestions:

I'm going to be running a meeting to go over enterprise risk assessment w/ exec management. I've worked w/ them successfully for years in other realms, so I know the players & styles, but for some reason I can't seem to get much out of these meetings. What would others make sure they impart on c level & try to get out of the meeting?

Reading a few tweets that redteam is actually hard, that the attacker doesn't have an advantage. Well yeah... but blueteam is also terrible at metrics. You could never know if you have been pwned and live with it. Both jobs can be extremely frustrating and equally hard. t.co/0jHn3lKDg5