X_Cli boosted

Please enjoy this ad that has apparently been banned in France. I kind of love it. youtu.be/kMpqVfnuyII

Camping, vacation 

Myself, lighting a fire with a camp knife (Mora companion), a firesteel, and a paper handkerchief

infosec.exchange/media/amNdHSL


Camping, vacation 

Funny how I wake up to tremendous back pain in my $700 mattress and I wake up unscathed after a night in a hammock at a camp fire 😅 I think I should move 😂

infosec.exchange/media/PvVz9fy

X_Cli boosted

Today we are publishing a new beta version of #Mobilizon, both to show the progress made since development resumed and to start testing, notably with people who would know how to install it on their server.
➡️ joinmobilizon.org/fr/news/#20-

Vacation 

The simple pleasure of life: lighting a pocket wood stove on the beach and boiling a hot tea, with your significant other at sundown ❤️

infosec.exchange/media/wL9Ln4s

infosec.exchange/media/wTiep7Q

X_Cli boosted

New BIND 9 versions out, fixing two security issues:

CVE-2020-8619: An asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.

CVE-2020-8618: A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer

A summary of changes in the new releases can be found in their release notes:

9.11.20 - downloads.isc.org/isc/bind9/9.

9.16.4 - downloads.isc.org/isc/bind9/9.

I also a in at , for a group made up of a company that develops a security solution and a company that provides IT services (including pentests). Career follow-up, recruitment, the whole shebang. I am not well placed to talk about it; I am a security engineer, but if you know people who are interested, I will gladly forward :)


I , on permanent contracts (CDI), in-house (no contracting), newly created positions, at :
* a and network, mainly and , but a bit of too. Bonus for security skills.
* a senior developer, Py/#Go/#Rust with an appetite for low-level work (reading the of Linux or other, writing system and network code)
* a tester (mainly ), /#k8s environment,
* an integration team lead (customer relations, deployment, tests, documentation, training).

X_Cli boosted

re: job 

So in case anyone is looking for a solid "techie" in the broader Frankfurt am Main area that tries to do things right from start to end, with expertise ranging from firmware/OS hacking in C over network/infrastructure design to high level automation: I'm looking around to put my skills to proper use.

Feel free to boost this, drop me a message or point to general directions.

X_Cli boosted

it's over!

Videos/slides/articles from the programme: sstic.org/2020/programme/

and the proceedings as PDF: actes.sstic.org/SSTIC20/sstic-

Thanks to the organizing team of this event and to all the speakers!

@jpmens Hey there :) I hope you are doing well. Long time since I read a toot from you :)
I have been putting into practice one of your pieces of advice recently and I am struggling a bit. I tried to do what you explain in this post: jpmens.net/2020/01/16/creating

Unfortunately, it seems that pip is doing a POST / query, for instance when running pip search smth, and that nginx is refusing to serve POST requests on autoindex. You are citing nginx as a possible web server for this. Did you experience smth similar?

Tool of the day: man7.org/linux/man-pages/man8/

Packet mirroring/stealing with TC

TC is really an amazing tool 😲

Does someone know why IPIP tunnel interfaces are visible in all network namespaces? I created one in my "default namespace" and it is present in all (children?) namespaces. Are they inherited for some reason? Why? Can I disable this?

X_Cli boosted

~Open Source Security Tool of the Day~

Whilst I prefer hardening systems manually, this is a very effective way for automating Linux hardening for those who are new to the concept and learning from the experience.

github.com/x08d/lockdown.sh/bl

X_Cli boosted

The latest in DNS Amplification DDoS

New vulnerability in DNS server software can be leveraged for DDoS attacks with a 1620x amplification factor.

zdnet.com/article/nxnsattack-t

I ASAP a senior who has excellent system fundamentals, to work on a security product based on . You need to enjoy poking around in the kernel , using syscalls that no reasonable person has heard of, fiddling with system and network configuration, and racking your brain over secure development issues.

We love and and we are starting to put them everywhere. We use a lot.

Remote work OK, offices in Paris.

COVID-19 France Unconfinement 

French Administration is doing what it does best: establishing bazillions of arbitrary rules for unconfinement. Some of those rules cannot be enforced nor followed for what it is worth. They are allowing merchants to establish arbitrary rules to restrict access to their establishment, which will be abused.

STOP MANDATORY CONFINEMENT NOW. FREE THE PEOPLE.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.