The thing i'm the most excited about with the OpenBSD 6.4 release?
Audio Recording is now disabled by default, and can be enabled with the new kern.audio.record sysctl variable.
YOU GET ME 🤗 YOU GET ME SO MUCH. ❤️
ok for real, this may not be crazy revolutionary to anyone, but c'mon. with everything turning into a tap, it feels -excellent- that this is now a secure default.
I don't want to be an elitist fuck but the popularity of #arch is problematic because it was never designed to be easy. one step away from gentoo is not always going to play nice.
OSCP done and passed. What an absolute piss poor excuse for a certification that is supposed to represent the industry. Thing is more out dated than my 90's DC shoes and JNCO jeans. And now with their proctoring exams via web and screen share. Step 1 in being a security company, demand all students give up personal security for 24 hours because people are cheating on your unmodified in almost a decade exam. #isaidit #flameon #OSCPisthenewCEH
well there it was. I was on an older Linux kernel and nmap --interactive. damn... hours, folks... hours.
moral of the story that really is well known but not adhered to... it's not about the exploit, it's about the misconfigurations.
I'm sure we have all had those moments but damn if it ain't frustrating.
I sat on a box last night and it was pushing me to throw in the towel and go to bed. it kept eating at me, "I'd seen this before!" I thought to myself but I just could not get the escalation. kernel exploit after kernel exploit being thwarted by account limitations.
exploit-db has an extreme issue with proper documentation. spent 2 hours fixing a gcc issue in the blind, so to speak.
this box was haunting me, y'all.
then it hit me, "mistakes and misconfigurations". where are they?
literally went "fuck it mode" in the #pwk lab yesterday and popped all boxes with exposed 445 (in the public network minus two that are not exposing pipes)... thank you nsa for the useful tool.
can't use them all for the lab write ups but it felt pretty bad ass to knock down that many boxes in the span of 5 minutes.
now after web apps, again. need to focus on diversifying my LFI/RFI skillset.
Well, here goes my #introduction.
Active IT security specialist working as security consultant. Am not scared of a bit of #gaming in between days of #hacking at work. Worked mainly in blue teaming before, nowadays focus and work much more in red teaming.
This seems like a neat little community, pleased to meet y'all.
2/90 down. not really impressed with the #PWK lab environment. lots of unstable boxes getting hit constantly. 5 boxes owned and another network accessed. trying to make php do my bidding at the moment but it's not cooperating with me.
also, the VM they give you with the class... garbage. msf failing 2/3 when trying to load, several notable exploits missing and no way to get them. switched back to my test box. muchh better now.
#MyOSCPJourney has just started. 90 days to go. nmap is running at a furious pace and I have managed to create a maze of directories that I will surely forget about in my attempt to stay organized. probably need a mind map of the directory structure.
A Mastodon instance for info/cyber security-minded people.