Notices by darf :BlobhajMlem: (darfplatypus@infosec.exchange)

For those of you who remember ScreamingGoat, they're currently looking for a new role. Ideally something in the threat Intelligence space and DC local. Y'all know how he is with emerging vulnerabilities. Let me know what you've got and I'll make sure it makes it to them.

@cR0w

Make conficker great again

@cR0w

@blaise sounds like you've done this a few times before, so I may be incorrect, but I was under the impression that modern Toyotas required a screw in caliper tool to push the piston back into the caliper, I didn't think you could just linearly push them back in. that might be what you are facing.

I know this is a long shot, but anyone know of an org that may be looking to snatch up a sharp AppSec nerd come December when they graduate?

So _technically_ I'm an engineer at work, but we have like, real engineers that really know how to build sustainable systems, right. Well I told one the other day that I built my entire workflow to be as close to Out-of-the-Box Ubuntu compatible as possible and I think I saw something inside them break. 😂 I then look over and see their fully modded terminal, colored zsh, neoVim with ngrep open 😅

@cR0w don't listen to @da_667 , I'll replace you however you'd like.

@cR0w @da_667 I'll have to find one that's not also just scraping your feed and passing it as their own 🙃

HIPAA doesn't say who has to hold the encryption keys.

@legacv @cR0w I can only imagine that sharing notifications was a bolted on capability and their auth flow doesnt account for that properly. So theres no sense of RBAC for the shared with user and when they click it just lets them in like a fully auth'd user.

but thats me spitballing with literally zero research.

@cR0w @legacv Legacv if you ever get super bored and need an AppSec project, start downloading SOHO router firmware, then binwalk the filesystem out of it, then do security review of their web panels. I'm willing to bet within 10 you look at, you'll find something horribly wrong.

@cR0w @legacv friend of mine and I won a contest at DefCon for backdooring a malicious update into a samsung IOT camera. literally just take firmware off the internet, slam a netcat shell in the init system as root, put it on a web share and DNS AITM to feed it a bad update.

@cR0w @Viss im currently waiting for the local place I love to open their brick and mortar after closing their ghost kitchen.

@cR0w @Viss theyre the only place ive found around here to do birria. and im pretty sure between me and a friend of mine, we're putting one of their kids through college 😂

@Viss Strategically Transport Equipment to Alternative Locations. 😅

@cR0w @grey shhhhh let me be a trash racoon in peace.

@kims as someone who likes dogs considerably more than people, i fully support this!

I'm looking for some stickers to throw on a pelican case along the lines of "sensitive electronics" "danger" "fragile contents" etc if anyone has suggestions on what else I should throw on there and where I can buy them 1 at a time rather than the 500x bulk options on amazon.