This example is not as bad as an open RCE, but still, very few researchers are actually digging into the vast and complex world of video games launchers/agents
so, out of curiosity and the switch to the MacBook pro, I have set up Kali very minimal and opened up SSH so I can hit it from iterm2 locally.
anyone used this in a test? I have a lot of tools native now so minimizing kali's foot print seems logical next step.
"man I forgot how much fun gparted is" said no VM user EVER.
provision your vms with enough memory kids.
some positive steps at work. new equipment in the form of MacBook Pro's, finally got the Jr. off the title. OSCP journey will be funded 100%.
- finish the elearnsecurity PTPv4. procrastinating so hard on that.
- attend black hat/defcon this year. (hopefully)
come on 2018, roll right.
#patience being tested today working with new pentesters. young, dumb and full of... they get on a box for like 3 seconds and start spraying every exploit known to man at it. seriously might take away their Kali instances and make them use Gentoo or Debian vanilla tomorrow. teach them that enumeration is more important than jackhammering a box like your junior prom date.
In my last week at my current job. Mostly hand off stuff. Need to document some processes and... that’s about it.
They brought me in to build out a pentest practice. I did that. Built up a small team. Built up our reputation. Believe it can continue on with out me.
On to new things.
learning how to use php://filter to my advantage. got to admit that some write-ups on webapp testing are written with very little to no information. to much "do this and that" and not enough "this is why you do this"
plus, the whole RTFM culture is still alive and well.
stuck in config file hell! URxvt, i3wm... but the Lenovo T430 is smokin' fast again.
so just finished season 3 of Mr. Robot... damn
well now... security advised a recess... uh oh
With Algo you at least control the system, but you're not immune to surveillance once the data leaves. This problem doesn't go away when you use a commercial VPN.
Anyone recommend an Android app for this stuff? Tried a few and they kept refusing to connect.
OK, I'm here now... y'all can relax