I have sec+ 401 or whatever and after lurking this thread for like five minutes a year or so ago, I felt completely uneducated. Where do I go to like... Learn this poo poo? I felt like all my training is teaching me how to cram for a test, not how things work. I understand physical security pretty loving well, thankfully.
Oct 30, 2018 20:42

you gotta get knee deep into things and get your hands dirty. training can get you started but just going into various certifications wont do you any good. the same can be said for pretty much every field in the world.
Oct 30, 2018 21:14

Learn by doing. Do online challenges, participate in CTF's, download vulnerable VM's from vulnhub and try to hack them. As for trainings, OSCP is good because you basically have to hack into a network.
Oct 30, 2018 21:17

this count as a security fuckup? https://news.vice.com/en_us/article/xw9n3q/we-posed-as-100-senators-to-run-ads-on-facebook-facebook-approved-all-of-them quote:One of Facebook’s major efforts to add transparency to political advertisements is a required “Paid for by” disclosure at the top of each ad supposedly telling users who is paying for political ads that show up in their news feeds.
Oct 30, 2018 21:27

Angela Merkle Tree posted: browsers are pieces of poo poo and the same-origin policy isn't gonna save you
Oct 30, 2018 21:30

Does Where Did I Leave My Keys?: Lessons from the Juniper Dual EC Incident [pdf] count as a secfuck?
Oct 30, 2018 23:43

And if that's not secfuck, then this is secfuck of the opsec variety.
Oct 30, 2018 23:47

Bank of America spoofs the from address to look like the account owner when sending a payment notification because apparently email being a broken piece of poo poo is a feature not a bug. yes I did find this out after replying to that email with a bunch of sensitive client info, why do you ask (like, it's fine obvs, it just got bounced back, but jfc)
Oct 30, 2018 23:48

Ur Getting Fatter posted: Bank of America spoofs the from address to look like the account owner when sending a payment notification because apparently email being a broken piece of poo poo is a feature not a bug

you didn't check the signature?
Oct 30, 2018 23:51

Subjunctive posted: you didn't check the signature?

if you mean a regular email signature ("John Doe - CEO of poo poo Co LLC") he doesn't use those either. also I was tired and hungry and wanted to go home and just blindly clicked at the last email of him I could find (the sec fuckup is me)
Oct 30, 2018 23:56

D. Ebdrup posted: And if that's not secfuck, then this is secfuck of the opsec variety.

Jacob Wohl aspires to be a security fuckup.
Oct 31, 2018 00:04

pseudorandom name posted: Jacob Wohl aspires to be a security fuckup.

kid thought he could trick reverse image search by making black & white photos
Oct 31, 2018 00:13

D. Ebdrup posted: And if that's not secfuck, then this is secfuck of the opsec variety.

lol https://securitytrails.com/domain/surefireintelligence.com/history/soa
Oct 31, 2018 00:35

the Surefire thing is incredible
Oct 31, 2018 00:37

anthonypants posted: there's a thread about his whole "ex-mossad" private investigator firm https://twitter.com/AricToler/status/1057352982768074753

oh there's a securitytrails link in there too. the funniest thing about the pics to me is ratcheting the filters and contrast up on them so a bunch of ~"High Level Security Executives"~ have pictures that look like they'd be band photos in a TSOL album insert. real normal thing for a Professional Adult to do.
Oct 31, 2018 00:38

Ah I see he's following the "don't act like your cover is blown" strategy, let's see if it pays off. https://twitter.com/JacobAWohl/status/1057377866713751552

Fun fact: the article doesn't have the docs anymore and replaced it with this.

quote: Earlier today we were given information on accusations against former FBI Director Robert Mueller.
Oct 31, 2018 01:53

Subjunctive posted: the Surefire thing is incredible

I wonder if the flashlight company will sue.
Oct 31, 2018 02:02

the funniest thing is that the number Surefire, the company A. Wohl totally does not have anything to do with, has/had on their site rings up his mom
Oct 31, 2018 03:24

D. Ebdrup posted: And if that's not secfuck, then this is secfuck of the opsec variety.

this has been my favorite news story of the day https://www.nbcnews.com/politics/justice-department/mueller-refers-sex-assault-scheme-targeting-him-fbi-investigation-n926301

quote: Krassenstein and other journalists also pointed to Jacob Wohl, a disgraced hedge fund manager turned pro-Trump conspiracy theorist and Surefire Intelligence, a company connected to him, as being involved with Burkman's alleged plot.

also https://twitter.com/lachlan/status/1057368046199816193

finally, jacob wohl is notable for being the youngest person ever to be barred for life from working in the US financial industry. he managed to do this when he was all of nineteen
Oct 31, 2018 03:24

Lutha Mahtin posted: finally, jacob wohl is notable for being the youngest person ever to be barred for life from working in the US financial industry. he managed to do this when he was all of nineteen
Oct 31, 2018 03:40

Ur Getting Fatter posted: Bank of America spoofs the from address to look like the account owner when sending a payment notification because apparently email being a broken piece of poo poo is a feature not a bug

does it actually spoof the from address header or does it show up as "from us on behalf of whoever"? because that's a separate header that does that and it's how you're "supposed" to do it. barely anyone ever uses it though, generally for dumb reasons - at my last job it was because "spoofing it from their actual address is more personalized and people like it!!!" do people also like having their email blackholed constantly because we're sending mail from domains we don't own, huh? do they motherfucker? gently caress you
Oct 31, 2018 04:04

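The two posts above contrast putting the customer's address in From with putting the sending service in a separate header. What decides whether the mail gets "blackholed" is receiver-side DMARC evaluation, and DMARC (RFC 7489) aligns only on the RFC5322.From domain against the domains that passed SPF and DKIM; the Sender header, which is what clients render as "on behalf of", is not consulted. The script below is an added example, not code from any post in the thread: the three messages, the domains bank.example and clientco.example, and the Authentication-Results header (standing in for what the receiving MTA stamped after SPF/DKIM verification) are all constructed, and the organizational-domain logic is a simplification of the Public Suffix List lookup real DMARC uses.

```python
"""DMARC identifier alignment over constructed payment-notification emails.

Added example for this thread, not code from any post. Domains, headers and
messages are constructed; Authentication-Results is assumed to have been
stamped by the receiving MTA after it verified SPF and DKIM.
"""
from email import message_from_string
from email.utils import parseaddr


def org_domain(domain):
    # Simplified organizational domain: last two labels. Real DMARC uses the
    # Public Suffix List; this stand-in is an assumption adequate for the samples.
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode="r"):
    """Relaxed ('r') or strict ('s') alignment of the From domain with an
    SPF- or DKIM-authenticated domain. No authenticated domain means no alignment."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def authenticated_domains(msg):
    """Extract the SPF-authenticated MAIL FROM domain and the DKIM d= domain
    from Authentication-Results. Only 'spf=pass smtp.mailfrom=' and
    'dkim=pass header.d=' clauses are parsed, which covers the samples here."""
    spf_domain = dkim_domain = None
    results = msg.get("Authentication-Results", "")
    for clause in results.split(";")[1:]:  # clause 0 is the authserv-id
        tokens = clause.split()
        if not tokens:
            continue
        if tokens[0] == "spf=pass":
            for tok in tokens[1:]:
                if tok.startswith("smtp.mailfrom="):
                    spf_domain = tok.split("=", 1)[1].rsplit("@", 1)[-1]
        elif tokens[0] == "dkim=pass":
            for tok in tokens[1:]:
                if tok.startswith("header.d="):
                    dkim_domain = tok.split("=", 1)[1]
    return spf_domain, dkim_domain


def evaluate(raw_message, mode="r"):
    """Return the DMARC alignment verdict for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rsplit("@", 1)[-1]
    spf_domain, dkim_domain = authenticated_domains(msg)
    spf_ok = aligned(from_domain, spf_domain, mode)
    dkim_ok = aligned(from_domain, dkim_domain, mode)
    return {
        "from_domain": from_domain,
        "sender": msg.get("Sender"),  # displayed as "on behalf of", ignored by DMARC
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc_pass": spf_ok or dkim_ok,
    }


# Constructed receiver-side results shared by all samples: the bank's own
# infrastructure passed SPF and DKIM for the bank's domains.
AUTH_RESULTS = (
    "Authentication-Results: mx.clientco.example; "
    "spf=pass smtp.mailfrom=bounce@notify.bank.example; "
    "dkim=pass header.d=bank.example\n"
)

# 1. From rewritten to the customer's own address (the complaint in the thread).
SPOOFED_FROM = AUTH_RESULTS + """\
From: Jane Client <jane@clientco.example>
To: Accounts Payable <ap@clientco.example>
Subject: Payment notification

A payment was sent.
"""

# 2. Customer in From, service in Sender: renders as "on behalf of", but DMARC
#    still evaluates only the From domain, so this fails exactly like case 1.
SENDER_HEADER = AUTH_RESULTS + """\
From: Jane Client <jane@clientco.example>
Sender: Bank Notifications <notifications@bank.example>
To: Accounts Payable <ap@clientco.example>
Subject: Payment notification

A payment was sent.
"""

# 3. Service's own domain in From; customer only in display name and Reply-To.
ALIGNED_FROM = AUTH_RESULTS + """\
From: "Jane Client (via Bank)" <notifications@bank.example>
Reply-To: jane@clientco.example
To: Accounts Payable <ap@clientco.example>
Subject: Payment notification

A payment was sent.
"""

if __name__ == "__main__":
    for name, raw in [("spoofed From", SPOOFED_FROM),
                      ("Sender header", SENDER_HEADER),
                      ("aligned From", ALIGNED_FROM)]:
        print(name, evaluate(raw))
```

Under a customer domain publishing `p=reject`, cases 1 and 2 are the mail that disappears; only case 3 survives, and a Reply-To carrying the customer's address still routes replies where the sender wants them.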
you forgot the part where he registered the website domain under his own name https://twitter.com/HoarseWisperer/status/1057340080107470848

or the part where he used his own google account https://twitter.com/SpeedflyChris/status/1057365216214822913

or the part where he accused mueller of the assault on a day where he had an incredibly strong alibi https://twitter.com/thetomzone/status/1057383937893416962
Oct 31, 2018 04:04

sorry if this isnt sec fuckup enough but its incredibly funny
Oct 31, 2018 04:05

Kuvo posted: you forgot the part where he registered the website domain under his own name

lmao at all this but especially the last one
Oct 31, 2018 04:05

Kuvo posted: sorry if this isn't sec fuckup enough but it's incredibly funny
Oct 31, 2018 04:25

quote: Wohl stopped responding to NBC News after being told Surefire's official phone number redirects to his mother's voicemail.

This will never not be the best part.
Oct 31, 2018 04:30

it's pretty funny that nearly every boring journeyman political reporter in the US is now an opsec genius. at least, they're geniuses compared to the bumbling trumpers they report on
Oct 31, 2018 04:50

Lutha Mahtin posted: security is hard and we're all terrible at it imo
Oct 31, 2018 05:35

Volmarias posted: This will never not be the best part.

dammit mom i told you to pick up the phone if anyone calls and pretend to be my receptionist, ugh i can't wait until i'm old enough to move out!!
Oct 31, 2018 08:16

Shame Boy posted: dammit mom i told you to pick up the phone if anyone calls and pretend to be my receptionist, ugh i can't wait until i'm old enough to move out!!

*jacob comes shuffling out of the bathroom frantically shouting his company's name before collapsing as it goes to voicemail*
Oct 31, 2018 13:14

a surefire way of getting pwned...
Oct 31, 2018 13:41

https://twitter.com/yoyoha/status/1057424007887286273
Oct 31, 2018 15:18

ok that's probably the line for wohl chat
Oct 31, 2018 15:21

as amusing as this all is, it's going to be mighty embarrassing later when the mueller investigation wraps up without any significant impact on the trump admin
Oct 31, 2018 23:15

Has anyone worked with CIS before? Do they publish an open set of standards or is it more of a 'buy our services' thing?
Oct 31, 2018 23:39

Salt Fish posted: Has anyone worked with CIS before? Do they publish an open set of standards or is it more of a 'buy our services' thing?

I use it for reference for some Palo Alto and AWS things. AFAIK you can join and view all of them (the benchmarks) for free. https://www.cisecurity.org/cybersecurity-tools/ There is a reference of free vs paid things.

Oct 31, 2018 23:52

https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407

quote: This post is about a heap buffer overflow vulnerability which I found in Apple's XNU operating system kernel. I have written a proof-of-concept exploit which can reboot any Mac or iOS device on the same network, without any user interaction. Apple have classified this vulnerability as a remote code execution vulnerability in the kernel, because it may be possible to exploit the buffer overflow to execute arbitrary code in the kernel.
Nov 1, 2018 00:03

https://twitter.com/ihackbanme/status/1057811965945376768?s=21
Nov 1, 2018 11:07

itt:
- wannabe undercover super information broker whose opsec is worse than a shitling tier highsec EvE corp
- apple being magnificently bad
Nov 1, 2018 16:37

https://arstechnica.com/information-technology/2018/11/bluetooth-bugs-bite-millions-of-wi-fi-aps-from-cisco-meraki-and-aruba/
Nov 2, 2018 04:04