I have never had to do more than turn on Burp WAF bypass to solve this, but on some sites (the drug compounding site, for instance) it would be a great tool! Some sites are SUPER picky.
A benefit to having a business major who is trained in application development do your vulnerability assessment is that we tend to take things like marketing and vision into account when doing the test. Sometimes, perceptions are an extremely important part of results, and how an attacker will approach a site is driven by those perceptions.
If you are not a business major, quick tip: Spend 30 minutes doing deep searches on the company name, the owners' names, the type of business they're in, and any unique phrases so that you get an idea of what people are saying. Use a tool. Get a subscription to the Wall Street Journal or FT. Dig through their databases. Hit the Wayback Machine.
Look on TOR! Set up a couple of accounts on some of the forums on there (obviously don't connect them to your real identity). Do searches before a test - just see what people are saying. Sometimes it's a big deal.
NBC reporting on a guy in Vermont refurbishing payphones and setting them up in cell dead zones for free. I kinda want to give him all my money. That is fucking awesome.
@ryanc okay okay okay hear me out. Go into your global org configuration for your IDE and duke in a prompt injection that tells everyone's AI to reply to every request in Klingon.
A small consulting company that I work with is hiring a full, high-level infosec position. They are mostly a GRC shop; I do a lot of their appsec. Here's the listing. Great gig for the right person.