Loving the new @substackinc dashbaord. Much more clear and with lots more of relevant information one wants to see about their publication :dance_cool_doge:
Holy shit did we dodge a bullet. When I upgraded our mastodon server last December I originally ordered a Gigabyte motherboard as part of the upgrade, ended up sending it back as defective.
Turns out it was much, much more defective than I knew.
#Infosec and #socialengineering mastonauts: Do you have any experience with using masterprints for fingerprint sensors? Interested in looking into that for teaching purposes....
I’m officially 2 weeks into my PNPT journey. The main course has so far gone over enumeration & OSINT, finding & utilizing exploits against systems & crafting our own buffer overflow attacks, & using tools such as Burp Suite, Metasploit & Nessus.
Now we’re focusing heavy on Active Directory. I did an LLMNR poisoning attack to grab domain user credentials & used Hashcat to crack the hash last week.
But I was STUCK on SMB relay attacks lol but I was able to get it lol #infosec#cybersecurity
At least 18 different malicious extensions (as of 30 MAY and this post) identified by @WPalant
Remember extensions have privileged access to the browser (and data in the browser). Choose your extensions wisely... they could be #spyware or #malware in disguise.
Dear #infosec community. How come we use Mastodon and not Nostr? I find it a little odd because, technically speaking, Nostr is way more interesting, don't you agree? User experience is great on Mastodon (talking elk.zone) though - and the crowd is better (in my bubble anyway). What's your take on Mastodon v Nostr? Genuinely interested in your opinions
Why should you aspire to be an information security librarian rather than an information security rockstar?
When you should build a security tool versus buy it?
What physical security risk does a Honda Civic pose to your business?
Which area of information security was I surprised to find out was the most time consuming but important area to work on?
Find answers to all these questions, and more, in Security Operations in Practice, available from all good bookstores, and various online/digital marketplaces.
#100DaysOfHacking Officially started the next round of my journey learning infosec & it’s my birthday month sooo lol I gotta start off big.
I started this morning with learning crackmapexec which took the first set of credentials I found after compromising a system on Active Directory & found other machines on the network where I can use those creds. It also dumped the SAM hashes!
Last night I used Bloodhound to perform enumeration of an AD domain, it was so cool lol #infosec#cybersecurity
Things I may be working on in my upcoming #twitch streams spinning up a @matrix instance, Umbrel Bitcoin node with Electrum on a @Raspberry_Pi, Arduino tinkering with my Inventr.io kit, diving more into @GrapheneOS, and redoing my @QubesOS setup on my @purism Librem 14 laptop. #infosec#streamer
I'm running #pihole in recursive #DNS mode and having everything in my home and my public /29 use it as the main DNS server.
The good things? Ad/tracker blocking on things that don't have built in ad/tracker blocking like certain phone apps, less spam (I host my main mail server locally), reduced monitoring from my Internet provider.
The bad things? Single point of failure. If pihole is down, everything else is as well.