shellsharks

@shellsharks@infosec.exchange

Infosec researcher | Find me @ https://shellsharks.com

#fedi22 #infosec #cybersecurity #tech #indieweb #apple searchable

Profile picture: A red shark holding a terminal window shaped like a surfboard. The terminal reads “> whoami shellsharks”

https://keyoxide.org/FA7AC5E3626AEF016A5AD0BB172E73E0A585273E

h4sh, to random

A feature for showing GitHub PoC repos has been added to https://fedisecfeeds.github.io, along with the number of PoC repos for each #CVE listed alongside CVSS and EPSS scores on the top table

shellsharks,

@h4sh Nice. This is dope.

shellsharks, to CSS

I can’t overstate how much I hate #CSS. Extremely humbling trying to do anything resembling good, “modern”, responsive #webdesign. Been working on some heavier under-the-hood changes to my #githubpages-based #jekyll #staticwebsite and wow my eyes and soul hurt.

A related question, anyone ever implement full-body text search on a static site / Jekyll site before? I’ve been looking into maybe lunr.js…

#fedihelp #webdev

djchateau, to random

This is a bad idea, right? Does anyone feel like giving me a pep talk so I don't avoid this indefinitely? My confidence has been in the tanker since I parted ways with Bitwarden and the thought of spending this much and failing while unemployed is terrifying. Despite acing the EJPT, it wasn't enough to even land an entry-level penetration testing job and I'm tired of constantly being ignored for even entry-level cybersecurity positions because I don't have this specific certification despite my other experience as a systems/network admin, help desk support and an embedded systems engineer.

shellsharks,

@djchateau OSCP is great, and I’m not saying it won’t look good on your resume or help you get an interview, but I wouldn’t go into it thinking it will solve your job search issues or land you a pentester role. There’s a couple things going on right now…

  • Job market is being squeezed. January is here and that means it’s apparently layoff season. Layoffs mean more talent in the job search pool and also mean budgets for new roles across orgs are limited or non-existent.

  • Pentesting is probably THE most popular infosec role, which means LOTS of folks are trying to break in that way, which means consistently high competition in this space.

  • “Entry level” pentesting roles are hard to come by as it is, as it is often thought of as a more senior/experienced type of role.

Instead of trying to find a “pentester” role specifically, you should instead work on finding a “security engineer” role that includes some offensive responsibilities. Every company tends to hire engineer and/or analyst titles and though your day-to-day will likely not be exclusively pentesting, it could include that as a heavy chunk of what you do. Plus, “engineers” make more $$ than most pure pentester roles from what I’ve observed.

Also, if you are currently unemployed, I would focus on getting any role you could across the infosec-proper spectrum. Some good places to look if you want to be offsec-adjacent would be Vulnerability Management, Application Security and Cloud Security.

Good luck! Remember to not focus solely on certs as a way to boost your portfolio though. Here I’ve written up some other things you can try…

https://shellsharks.com/cyber-clout

shellsharks,

@djchateau Yeah the infosec industry has been like this for as long as I’ve been in the field (so over 10 years now). Artificial barriers, moving targets in terms of what “entry level” experience is, etc… HR doesn’t know how to hire for these roles, managers often have unrealistic expectations, hoping to find “unicorns” or “rockstars” with every cert, MS degree, etc… but these people just don’t exist at scale. Back when I was first looking for infosec work I had a degree, several years IT experience and even a cert and it still took me forever. It came down to just applying applying applying until my fingers and eyes bled pretty much. Best advice I can give ya is to work on high RoI things for your portfolio (see the link I sent) and apply to everything you can find. For as hard as it is to find work these days, it has always been 10x as hard for those trying to break in for reasons that still aren’t entirely clear to me, but probably gate-keepy related.

Good luck! Try the #fedihired hashtag and leverage the sizable network of infosec folks on Mastodon. There are lots of managers, CISOs, company founders, senior folks, etc…

AlicornSkyler, to random

I keep wanting to post on here more but I am hesitant because I wanted to keep my posts mainly info sec related but my info sec life is a bit boring right now. So should I stick with only info sec posts and just rarely post or should I post about other things I am doing like right now? My main focus currently is on myself and doing things like working out or learning to do makeup better.

shellsharks,

@AlicornSkyler I try to stay mostly infosec-related on this account and have an alt for other stuff but of course stray from that from time to time. Here’s kinda my philosophy…

https://shellsharks.com/notes/2023/07/06/split-social-personalities

This said, I follow a lot of people here and most aren’t 100% or even 80% infosec, they have plenty of other types of things they chat about. That’s OK honestly. I’d say as long as you set your replies to Unlisted and don’t spam the main timeline with 50 posts a day (infosec or not), you won’t run the risk of alienating anyone.

shellsharks,

@AlicornSkyler Definitely don’t recommend people running multiple accounts. I make it work because I’m online TOO much 😅.

Thanks for the kind words too! I’ll add that I like your acct name! My daughter is 6 months old and her name is Skyler! 👶

shellsharks, to lemmy

Wrote a “guide” to / last year after Reddit went full enshittify.

https://shellsharks.com/threadiversal-travel

If you’re interested in checking out a -based alternative to Reddit, come check out infosec.pub! It hosts a number of communities including one I’ve stood up for / !

https://infosec.pub/c/cybersecurity

shellsharks,

@AssaultPepper @ed209 Yeah I loved Reddit back when and honestly would still get a lot of use out of it if I were to drag myself back there. I’m attempting a principled stand and trying to build something useful on the Fediverse. So as Ty said, I’m attempting to dedicate myself to this side and turn it into something more. Some communities (e.g. cybersecurity) are better poised to achieve this in shorter order. Smaller, more niche communities def have a harder grind to do it.

BagheeraAltered, to random

Every Monday, I send out a CyberSecurity Newsletter; I have also switched to using Buttondown:

This week’s news: Critical vulnerabilities in GitLab, Ivanti, Bitlocker, and Apache. Data Breaches at a US laptop maker and an Aussie travel agent leave customers’ data in the open, Microsoft Themebleed has an exploit in the wild, and with so many AI and ML projects starting hackers turn their attention to the AI supply chain like TensorFlow.

https://buttondown.email/BagheeraAltered/archive/cybersecurity-newsletter-15th-of-january-2024/

shellsharks,

@BagheeraAltered Well done for making the switch. Love it!!

cyber_anom, to random

So I started prepping for the OSCP!

shellsharks,

@cyber_anom Good luck!

Here’s some (rather old) tips on taking the course / exam…

https://shellsharks.com/training-retrospective#offensive-security-certified-professional-oscp

bixfrankonis, to blogging

My wishlist for #Blogging in 2024: for the love of all that is holy, if you both micro and macro blog on your own site, have an extra, separate #RSS feed for just your macro posts.

shellsharks,

@bixfrankonis I do this already! Woooo 🎉😅

jszym, to fediverse

Everything on the wiki looks insanely cool, and there is a lot of documentation, but am I the only one who hasn't a clue how to adopt 99% of what is on there?

and might be hard for folks to grok at first, but the on-ramp for me looks like the Cliffs of Dover.

That said, I am acknowledging that plenty of folks are using IndieWeb to make truly insane things. I just want in! :P

shellsharks,

@jszym Here you can see how I added #indieweb properties/functionality to my static site and graded my site using #indiemark. A lot of the “advanced” capabilities are either difficult to implement (especially using a static site) or poorly specified.

https://shellsharks.com/indiemark-score

xoCaitlin, to random

I need to follow more infosec people

shellsharks,

@xoCaitlin I’ve been recommending cool #infosec accounts I’ve discovered for a few weeks now if you want to browse the lists! https://shellsharks.com/notes/2023/10/20/infosec-mastodon-starter-pack#for-infosec-folks

stf, to random

https://wiby.me/ looks pretty cool to me, it is a searchengine indexing traditional web1.0 content, give it a try.

shellsharks,

@stf I posted about some #indieweb / #smallweb search engines yesterday if interested https://infosec.exchange/@shellsharks/111746512133010653

ausernamedjosh, to random

I’m going to start a mask only infosec/hacking conference in Pittsburgh next year called Maskon. Boost if you’d like to attend.

shellsharks,

@ausernamedjosh I’ll take any excuse to go to Pittsburgh. Loved it there. I’m in NoVA.

mikansoro, to random

Also, hi internet! It's been a while since I was last on the fediverse, hopefully it becomes more frequent.

shellsharks,

@mikansoro Yes! Come hang with us. We got memes, cats and cat memes. So pretty good.

dnsprincess, to random

If someone describes NFC phishing as something akin to "Niphing" or something... I will die ☠️

shellsharks,

@dnsprincess Stop! Someone birthed “quishing” into the world by giving it a name and now you’ve done the same. Stahhhhhp! 😅

nopatience, to random

@shortridge Hey, I really like the theme of your blog, is that hand-crafted or available somewhere?

And is that... Hugo or what? Gave me some well-needed kick in the... blog, need to update my own.

shellsharks,

@shortridge @nopatience I’m on Jekyll/Git Pages rn and seriously considered going over to Ghost. Cause so many folks are on about it right now. After some research though I’ve decided to stick with Pages and put some time into a refresh. SSGs offer some freedom you miss out on using a CMS like Ghost, WP, etc…

ninkosan, to random

Well, moved off my own mastodon instance onto infosec.exchange.

Maybe an opportunity to start the year(ish) off right and write a blog about why? Been needing to find something to write about to get back into it 🙂

shellsharks,

@ninkosan Welcome! 👋

lqdev, to Battlemaps

shellsharks,

@lqdev 😁

LaGrange, to random

Ok now I’m a little sad. I just recently found the Artifact app, and now it’s shutting down. What app do you all use to read various types of news on all kinds of topics?

shellsharks,

@melroy @LaGrange Ah yes, you are correct! #mbin !!!!

mikehaynes, to random

Can we just make a new #indieweb search engine that uses tags and requires people submit their own site to be a part of it?

shellsharks,

bitspook, to RSS

Is there an #rss reader which can also show my fediverse subscriptions? I am planning to build one if something like this doesn't exist. I want:

  1. Must read my RSS subscriptions. i.e. they show up as explicitly marked 'Unread' until I read them
  2. Skim through my fediverse subscriptions; with ability to mark some people/topics as Must read
  3. Publish to fediverse (ideally to my personal site, which gets shared on my Mastodon automatically)

Does anyone know of something that might fit the bill?

shellsharks,

ohhelloana, to random

What is your favourite blog post that you’ve written?

shellsharks,

@ohhelloana Ooo Good question. Probably a solid week or two.

nyan_satan, to random

Name a bigger downgrade

10 years ago on this day Apple Inc. took away the thing I love the most

Skeuomorphism

They say time heals, but in my case it only gets worse…

shellsharks,

@nyan_satan This one still hurts
