!hcs @superruserr@infosec.exchange

#berlinsides CFP and registration will close at May 15th 2019

Checking out OWASP DefectDojo (open source vulnerability management tool) on Docker

https://defectdojo.readthedocs.io/en/latest/getting-started.html#docker-compose-install

Though they have a live demo at https://defectdojo.readthedocs.io/en/latest/getting-started.html#live-demo

OWASP Juice Shop Tool Project
https://www.owasp.org/index.php/OWASP_Juice_Shop_Project

The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities.

The @torproject #Tor project on GSOD to help improve Tor documentation

https://blog.torproject.org/google-season-docs-2019-help-tor-improve-our-documentation

https://trac.torproject.org/projects/tor/wiki/doc/GoogleSeasonOfDocs2019

#Whonix is a free and open-source desktop operating system (OS) that is specifically designed for advanced security and privacy. Based on Tor, Debian GNU/Linux and the principle of security by isolation.

Contribute to documentation via GSOD:

https://forums.whonix.org/t/google-season-of-docs-gsod-2019/7191

https://www.whonix.org/wiki/Design/Google_Season_of_Docs_2019

We use #Mattermost, it's the open source self-hosted Slack alternative. https://www.mattermost.org/

Check out Google Season of Docs project page for Mattermost https://forum.mattermost.org/t/google-season-of-docs-2019/7136 for how you can contribute to Mattermost documentation (also, option for stipend)

#Qubes OS on Google Season of Docs programme:

https://www.qubes-os.org/gsod/
https://www.qubes-os.org/gsod/#project-ideas-list

> X is inviting you to the X TECH TALK [Cyber Security Emerging Threats] in Berlin.

> Please connect with me to get a free VIP ticket!

Just answered on /r/asknetsec 'List or cheatsheet of chrome dev tools exploits' https://www.reddit.com/r/AskNetsec/comments/bkmja3/list_or_cheatsheet_of_chrome_dev_tools_exploits/ (though OP means web app not web browsers)

APNIC's Chief Scientist, Geoff Houston, post on #DoH, security, and #privacy. https://www.potaroo.net/ispcol/2019-04/moredoh.html via @rcode3

Just updated: Full list of msfvenom payloads

https://superuser-ltd.github.io/2017/msfvenom-payloads/

See / download at https://github.com/rapid7/metasploit-framework

I actually really like this idea of a security logging admins cookbook - but needs to be done independently (ie no vendor involvement)

A Security Logging Admins Cookbook? https://www.reddit.com/r/SIEM/comments/aoxwg6/a_security_logging_admins_cookbook/

- I need to buy a monitor to plug in this Ubuntu NUC that I have (plus keyboard and mouse)
- I may purchase a 'good' Android phone and put on latest Kali Linux, perhaps second hand off someone.
- May possibly purchase a new laptop also and have it with a BSD? Previously I've had lots of electronics before (several NUCs, 2 keyboards, two monitors, 3 laptops, iPad) and learnt my lessons trying to move countries not to have so many things, bit nervous

Who says "Dee dee oh es" instead of "Dee-dos"

Ah vendor cert modules .. going through AWS security modules tonight.

huh @bagder live twitches some of his work on cURL https://www.twitch.tv/curlhacker

That + PyCon sprints where you can contribute to open source. Lots to get involved with!

The Open Web Application Security Project (OWASP) i is part of Google Season of Docs https://developers.google.com/season-of-docs/docs/participants/

AWS Overview and Security Tips https://static.peerlyst.com/image/upload/v1505748735/post-attachments/Cyber_Security_Amazon_Course_1_tqtsxy.pdf