mathias boosted

Watching youtu.be/PdCQChYrxXg?t=1770 again after my first time a few months after that video came out. Pointing to this section of the video in particular because while a lot is being said about the steps to detection, nothing much in terms of the lead-up to the first 'smell' of an attack.
Imagine seeing that graph as an alert fatigued analyst. This is where security automation comes in. And yes, I'm going to add a buzzword in it, ML via risk classification engines rather than handmade scoring.

I also plan to write an abbreviated version on vagn.es next week if you're not up to reading almost 80 pages :p


hence, this is what I wrote my thesis about: rubberduckies in a forensic environment

if you wanna read it, it's freely available here:

git.qore.no/vagnes/uc3fdp201/s


So it's actually not that cut and dry, because I looked at p4wnp1 and other existing solutions to be used in a forensic setting, but they never seem to really fit my specs.


tired: use existing rubberducky solutions
wired: create a new one in circuitpy 👀

github.com/vagnes/orthrus

I'm back, with one degree more than when I left!

I think my instance is stable enough to move to, so I think I will do just that.

Thanks for hosting me this long time @jerry , all the best!

mathias boosted

Happy New Years, ya filthy animals! 🦙🐫🐄🐑🐈🐓🐏🦏🐆🐅🦝🐿🐇🐀🕊

@R10T Compared to mastodon, it's lighter to run and it's a different technology than I'm used to, which makes it really interesting. I'm not moving for other reasons, just wanted to see how it worked and if I could manage my own instance. infosec.exchange is an awesome place and I've learned a lot here.

@kaniini I had to update the dockerfile bco elixir 1.7, but didn't change it apart from that. Angristan seems like he updated it for web push 21d ago github.com/angristan/docker-pl

@kaniini I think so, I set it up with angristan's docker-pleroma guide, although I see in the dockerfile that it only says "CMD ["mix", "phx.server"]". Should it also mention the MIX_ENV here?

@kaniini Thanks! And if it logs "If you wish to enabled web push, please run "mix web_push.gen.keypair" and add the resulting output to your configuration file." even though I seemed to have configured it, is that also normal?

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.