X_Cli @x_cli@infosec.exchange
- Real Name
- Florian Maury
- Occupation
- Network Guardian Angel
I am a RNG (Random Network-#infosec Guy): do not expect better toots than those produced by an infinite number of monkeys. #Antispeciesist
Joined Nov 2017
X_Cli
boosted
Please enjoy this ad that has apparently been banned in France. I kind of love it. https://youtu.be/kMpqVfnuyII
Camping, vacation
Myself, lighting a fire with a camp knife (Mora companion), a firesteel, and a paper handkerchief
Camping, vacation
Funny how I wake up to tremendous back pain in my $700 mattress and I wake up unscathe after a night in a hammock at a camp fire 😅 I think I should move 😂
X_Cli
boosted
Nous publions aujourd'hui une nouvelle version bêta de #Mobilizon, à la fois pour montrer les avancées depuis la reprise du développement, mais aussi pour commencer les tests, notamment avec les personnes qui sauraient l'installer sur leur serveur.
➡️ https://joinmobilizon.org/fr/news/#20-06-22
Vacation
The simple pleasure of life: lighting a pocket wood stove on the beach and boiling a hot tea, with your significant other at sun down❤️
X_Cli
boosted
New BIND 9 versions out, fixing two security issues:
CVE-2020-8619: An asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.
CVE-2020-8618: A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer
A summary of changes in the new releases can be found in their release notes:
Linux kernel lockdown, integrity, and confidentiality
Je #recrute aussi une #DRH en #CDI à #Paris, pour un groupe constitué d'une boite qui développe une solution de sécurité, et d'une boite de prestation de services informatiques (y compris pentests). Suivi de carrière, recrutement, tout le toutim. Je suis pas bien placé pour en parler ; je suis ingé sécu, mais si vous connaissez des gens intéressés, je forward volontiers :)
Je #recrute, en CDI, en interne (pas de presta), création de postes, à #Paris :
* un #adminsys et réseau, principalement #Linux et #Cisco, mais un peu de #Windows aussi. Bonus si compétence en sécurité.
* un développeur sénior, Py/#Go/#Rust avec appétance pour le bas-niveau (lire du #C de Linux ou autre, écrire du code système et réseau)
* un testeur (#Python principalement), env #Gitlab/#k8s, #vmware
* un chef d'équipe d'intégration (relation client, déploiement, tests, docu, formation).
X_Cli
boosted
re: job
So in case anyone is looking for a solid "techie" in the broader Frankfurt am Main area that tries to do things right from start to end, with expertise ranging from firmware/OS hacking in C over network/infrastructure design to high level automation: I'm looking around to put my skills at proper use.
Feel free to boost this, drop me a message or point to general directions.
X_Cli
boosted
#CVE-2020-13777: #TLS 1.3 session resumption works without master key, allowing #MITM
#infosec #cybersecurity
https://gitlab.com/gnutls/gnutls/-/issues/1011
You can list a directory containing 8 million files! But not with ls.
http://be-n.com/spw/you-can-list-a-million-files-in-a-directory-but-not-with-ls.html
X_Cli
boosted
#SSTIC2020 c'est fini !
Vidéos/slides/articles depuis le programme : https://www.sstic.org/2020/programme/
et les actes en PDF : https://actes.sstic.org/SSTIC20/sstic-2020-actes.pdf
Merci à l'équipe organisatrice de cet évènement et à tous les speakers !
@jpmens Hey there :) I hope you are doing well. Long time since I read a toot from you :)
I have been putting to practice one of your advice recently and I am struggling a bit. I tried to do what you explain in this post: https://jpmens.net/2020/01/16/creating-a-simple-python-pip-repository/
Unfortunately, it seems that pip is doing a POST / query, for instance when running pip search smth, and that nginx is refusing to serve POST requests on autoindex. You are citing nginx as a possible web server for this. Did you experience smth similar?
Tool of the day: http://man7.org/linux/man-pages/man8/tc-mirred.8.html
Packet mirroring/stealing with TC
TC is really an amazing tool 😲
X_Cli
boosted
~Open Source Security Tool of the Day~
Whilst I prefer hardening systems manually, this is a very effective way for automating Linux hardening for those who are new to the concept and learning from the experience.
X_Cli
boosted
The latest in DNS Amplification DDoS
New vulnerability in DNS server software can be leveraged for DDoS attacks with an 1620x amplification factor.
https://www.zdnet.com/article/nxnsattack-technique-can-be-abused-for-large-scale-ddos-attacks/
Je #recrute ASAP un #développeur sénior qui a d'excellentes bases système, pour bosser sur un produit de sécurité basé sur de l'#OSS. Il faut aimer mettre le nez dans le kernel #Linux, utiliser des syscall dont personne de raisonnable n'a entendu parler, trifouiller de la conf système et réseau, se prendre le chou avec des problématiques de développement sécurisé.
On kiffe le #Go et le #Rust et on commence à en mettre partout. On utilise énormément #Python.
Télétravail OK, bureaux à Paris.
COVID-19 France Unconfinement
French Administration is doing what it does best: establishing bazillons of arbitrary rules for unconfinement. Some of those rules cannot be enforced nor followed for what it is worth. They are allowing merchants to establish arbitrary rules to restrict access to their establishment, which will be abused.
STOP MANDATORY CONFINEMENT NOW. FREE THE PEOPLE.
#StopConfinement
- Real Name
- Florian Maury
- Occupation
- Network Guardian Angel
I am a RNG (Random Network-#infosec Guy): do not expect better toots than those produced by an infinite number of monkeys. #Antispeciesist
Joined Nov 2017
