While the world was tearing itself apart of Stack Overflow being down, I put together my new chair. and my God, my back is soooo thankful.

tnkr boosted

The thing i'm the most excited about with the OpenBSD 6.4 release?

Audio Recording is now disabled by default, and can be enabled with the new kern.audio.record sysctl variable.

YOU GET ME 🤗 YOU GET ME SO MUCH. ❤️

ok for real, this may not be crazy revolutionary to anyone, but c'mon. with everything turning into a tap, it feels -excellent- that this is now a secure default.

tnkr boosted

I don't want to be an elitist fuck but the popularity of #arch is problematic because it was never designed to be easy. one step away from gentoo is not always going to play nice.

So using DuckDuckGo as the default search is taking some getting used to. It's weird to see how accustom we are to "forced" results versus "pure" results. Gonna take some re-education for sure.

All this DuckDuckGo talk... Guess I need to check it out again.

OSCP done and passed. What an absolute piss poor excuse for a certification that is supposed to represent the industry. Thing is more out dated than my 90's DC shoes and JNCO jeans. And now with their proctoring exams via web and screen share. Step 1 in being a security company, demand all students give up personal security for 24 hours because people are cheating on your unmodified in almost a decade exam.

part 2:

well there it was. I was on an older Linux kernel and nmap --interactive. damn... hours, folks... hours.

moral of the story that really is well known but not adhered to... it's not about the exploit, it's about the misconfigurations.

I'm sure we have all had those moments but damn if it ain't frustrating.

I sat on a box last night and it was pushing me to throw in the towel and go to bed. it kept eating at me, "I'd seen this before!" I thought to myself but I just could not get the escalation. kernel exploit after kernel exploit being thwarted by account limitations.

exploit-db has an extreme issue with proper documentation. spent 2 hours fixing a gcc issue in the blind, so to speak.

this box was haunting me, y'all.

then it hit me, "mistakes and misconfigurations". where are they?

literally went "fuck it mode" in the lab yesterday and popped all boxes with exposed 445 (in the public network minus two that are not exposing pipes)... thank you nsa for the useful tool.

can't use them all for the lab write ups but it felt pretty bad ass to knock down that many boxes in the span of 5 minutes.

now after web apps, again. need to focus on diversifying my LFI/RFI skillset.

tnkr boosted

php://filter is my go to tool and it hasn't worked once in the labs. I need new tricks, y'all!!

tnkr boosted

Well, here goes my .

Active IT security specialist working as security consultant. Am not scared of a bit of in between days of at work. Worked mainly in blue teaming before, nowadays focus and work much more in red teaming.

This seems like a neat little community, pleased to meet y'all.

2/90 down. not really impressed with the lab environment. lots of unstable boxes getting hit constantly. 5 boxes owned and another network accessed. trying to make php do my bidding at the moment but it's not cooperating with me.

also, the VM they give you with the class... garbage. msf failing 2/3 when trying to load, several notable exploits missing and no way to get them. switched back to my test box. muchh better now.

has just started. 90 days to go. nmap is running at a furious pace and I have managed to create a maze of directories that I will surely forget about in my attempt to stay organized. probably need a mind map of the directory structure.

really feel the need to pull the plug on social media. it's too toxic now days... even people trying to preach a "good" message are simply toxic in their delivery.

tnkr boosted

This example is not as bad as an open RCE, but still, very few researchers are actually digging into the vast and complex world of video games launchers/agents

so, out of curiosity and the switch to the MacBook pro, I have set up Kali very minimal and opened up SSH so I can hit it from iterm2 locally.

anyone used this in a test? I have a lot of tools native now so minimizing kali's foot print seems logical next step.

tips?

"man I forgot how much fun gparted is" said no VM user EVER.

provision your vms with enough memory kids.

some positive steps at work. new equipment in the form of MacBook Pro's, finally got the Jr. off the title. OSCP journey will be funded 100%.

still to-do:
- finish the elearnsecurity PTPv4. procrastinating so hard on that.
- attend black hat/defcon this year. (hopefully)

come on 2018, roll right.

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.