Partner: Apparently, the boys went through your backpack. I found this in one of their pockets...

Me: 😳 You... you didn’t plug that into any of our computers, did you?!

Got a chance to tell a story on with Jack Rhysider.

Ep 36: Jeremy from Marketing

"A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned."

You can listen to it here: darknetdiaries.com/episode/36/

Don't have enough money for a GPU Hashcracker?
Spin one up in AWS*!

Guess every 8 character (Upper, Lower, Number, Symbol) password** in 3 hours, 10 minutes!

Not bad for $25 an hour.
----
* p3.16xlarge 8x Tesla V100 GPU Instance
** NTLM (Windows) Hash

When Blue Team has you cornered, but you have one last trick up your sleeve...

‪Oh, damnit.‬

‪Sixfab has a new baseband shield for the .‬

‪I told myself I don’t have time for this project. (And, I don’t...)‬

‪Alas.‬

‪My heart yearns and my soul cries. I’m going to have to tinker.‬

‪Gotta get this Pi Smart Phone working. Haven’t touched it in ages.‬

When you’re on a physical assessment and you use the restroom in the public lobby.

"Walking In On The Breach"
- When a pentester bumps into an adversary and interrupts an active intrusion.

A Christmastime Fireside Chat & Story

Listen to the one-hour holiday special on the podcast with @JohnsNotHere and @tinker here:

purplesquadsec.com/podcast/epi

‪Nothing like good saki and Spam Musubi on a cold Sunday night.‬

We lost many a good man, woman, and enby that night.

I still see their faces behind the glow of an LED screen.

But we served well. And cliented well.

Times I wonder why Eris didn’t take me instead. But I got to grow old. See you.

I love you, grandson.

I love you too, grandpa.

We brought in our Red Team. Dutiful folk, if a bit cocky. Asked them to hack back. Asked them to take down the attackers.

This was a sensitive op, illegal under the articles of war.

But our hackers just grinned their shit-eating grins and went to work.

It wasn’t enough. They sent out sharp shooters, routed through hacked toasters in the middle of Kansas and seven proxies behind that.

But they slipped up. Made a call directly to one of their malservers. No Tor, no armor.

We had them now.

We started blocking IPs. First one, then another, then another. But those dirty sons-of-bitches just hopped to a new IP each time.

So we brought out the big guns... started geoblocking entire regions. Fuck business. Fuck revenue. We had to protect our core interests.

Grandpa? Tell me about the cyberwars!

So there I was... Hunkered down behind the firewall trenches under a barrage of TCP scans!

All I remember seeing was an onslaught of SYN, SYN, SYN!!! We met them with RST after RST after RST!

My Discordia...

Netflix made a live action version of Jin-Roh: The Wolf Brigade.

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.