This example is not as bad as an open RCE, but still, very few researchers are actually digging into the vast and complex world of video games launchers/agents

so, out of curiosity and the switch to the MacBook Pro, I have set up Kali very minimal and opened up SSH so I can hit it from iTerm2 locally.

anyone used this in a test? I have a lot of tools native now so minimizing kali's footprint seems logical next step.


"man I forgot how much fun gparted is" said no VM user EVER.

provision your vms with enough memory kids.

some positive steps at work. new equipment in the form of MacBook Pros, finally got the Jr. off the title. OSCP journey will be funded 100%.

still to-do:
- finish the elearnsecurity PTPv4. procrastinating so hard on that.
- attend black hat/defcon this year. (hopefully)

come on 2018, roll right.

being tested today working with new pentesters. young, dumb and full of... they get on a box for like 3 seconds and start spraying every exploit known to man at it. seriously might take away their Kali instances and make them use Gentoo or Debian vanilla tomorrow. teach them that enumeration is more important than jackhammering a box like your junior prom date.

In my last week at my current job. Mostly hand off stuff. Need to document some processes and... that’s about it.

They brought me in to build out a pentest practice. I did that. Built up a small team. Built up our reputation. Believe it can continue on without me.

On to new things.

learning how to use php://filter to my advantage. got to admit that some write-ups on webapp testing are written with very little to no information. too much "do this and that" and not enough "this is why you do this"
plus, the whole RTFM culture is still alive and well.

stuck in config file hell! URxvt, i3wm... but the Lenovo T430 is smokin' fast again.

to those that run ... why do you hate yourself?

@tnkr @angristan @tinker I'm using it in Linux and iOS, and tested it in Windows. No issues on any.

so just finished season 3 of Mr. Robot... damn

well now... security advised a recess... uh oh

@tnkr @tinker At some point your traffic has to exit the tunnel. With a commercial VPN provider, they control the system itself and the outgoing pipe.

With Algo you at least control the system, but you're not immune to surveillance once the data leaves. This problem doesn't go away when you use a commercial VPN.

oh boy, another day of no testing... I need to find a red team job.

animates user avatars. very nice.

Anyone recommend an Android app for this stuff? Tried a few and they kept refusing to connect.

and sometime poster... hate conference calls and hate the idea of code review. Anyone got a link to the recent dumps?

OK, I'm here now... y'all can relax