Posts
15
Following
27
Followers
2
penetration tester
low poly Internet Checkpoint - [Ambient Dub Techno Mix]

https://www.youtube.com/watch?v=pR2IEx_zJuU
0
0
0
Edited 26 days ago
Quake 3 Source Code Review: Architecture (Part 1 of 5)

"Carmack had decided, for the First time, to delegate the job of creating these bots to another programmer in the company. But he failed to follow up. Once again, Carmack incorrectly assumed that everyone was as self-motivated and adept as he was. He was wrong.

When Graeme struggled to rein in the work, it was discovered that the bots were completely ineffective. They din't behave at all like human beings. They behaved, basically, like bots. The staff began to panic. By March 1999, they had reason to be scared. [..]"

https://fabiensanglard.net/quake3/index.php
0
0
0
[RSS] How JWT Libraries Block Algorithm Confusion: Key Lessons for Code Review

https://pentesterlab.com/blog/jwt-algorithm-confusion-code-review-lessons
0
4
1

Major issue with CrowdStrike Falcon Sensor causing massive Windows 10 outages globally.

Fleets of 50k+ machines stuck in BSOD loop. 70%+ laptops down in some orgs.

Workaround:
1. Safe Mode
2. Delete C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
3. Reboot

Regions impacted: EU-1, US-1, US-2, US-GOV-1, AU, MY, NZ

Check systems & invoke IR plans ASAP!

0
6
0
"many 911 and non-emergency call centres are not working correctly across the State of Alaska"

Periodic reminder that "security by shoving in more complexity" is an especially bad idea in case of critical infrastructure...

#CrowdStrike
1
3
8
Edited 5 months ago
0
0
0

You open up a Commodore 64, and the box says "welcome to the world of friendly computing."

You turn on a modern PC, and it immediately threatens your data unless you agree to save your data to *their* cloud service.

That right there is why we talk about vintage computers. Folks need to be reminded of what's possible.

5
31
1
Edited 6 months ago
It's been 4 years since I started working as a penetration tester so I'm barely a medior but I realized a hard truth (actually @buherator made me realize this, haha) during this journey. You can be a pentester without any special programming knowledge, knowing only some bash/python scripting will get you somewhere but if you
really wanna advance in this field you gotta learn programming properly.

This is why i'm dipping my toes in C2 client/server development as im progressing through the book "Advanced Penetration Testing" by Wil Allsopp. I'm probably not gonna use these practice tools in a real engagement but I think it'll be profitable to see how these kind of tools are built from the ground up.

In the last week I've posted some tutorials intended for beginners regarding the exercises in the book:

https://cygnus.mataroa.blog/blog/apt-insights-part-1-vba-and-vbs/
https://cygnus.mataroa.blog/blog/apt-insights-part-2-command-and-control/
https://cygnus.mataroa.blog/blog/apt-insights-part-21-cc-dev-environment-with-visual-studio-and-vcpkg/

https://www.amazon.com/Advanced-Penetration-Testing-Hacking-Networks/dp/1119367689
0
1
2

Chris Gioran 💔

The year is 2030.

Computers boot directly into the browser. IDEs are just a web app now, running in the GPU. No one knows why. Or how.

All programs run in 4 nested containers on top of a hypervisor abstracting over the 5 major computational clouds. The last time a branch was predicted correctly, in any CPU anywhere, was 4 years ago.

Cloud costs are withdrawn directly from your retirement fund.

Ext7 just came out, it's written in Javascript and uses AI to guess what the file may contain.

10
23
0
Edited 6 months ago

Just published age v1.2.0 ✨

Minor release:

• binaries built with Go 1.22.4
• plugin client API
• CLI edge case fixes
• RecipientWithLabels to make auth'd or post-quantum recipients

Very happy about the last point, it was the last hardcoded thing about scrypt recipients.

https://github.com/FiloSottile/age/releases/tag/v1.2.0

0
3
0
Show older