diej ☠︎

4.3K posts

diej ☠︎

@diej_99

Beigetreten Temmuz 2013

1.4K Folgt288 Follower

Angehefteter Tweet

diej ☠︎@diej_99·29 Mar

🧵Hilo de hilos 🧵

Español

diej ☠︎@diej_99·26 Kas

Everyone prefers a GUI until they master a CLI

English

diej ☠︎@diej_99·14 Eki

amazing experience, and great cybersec community over in Dundee 🙌

Jamie O'Hare@TheHairyJ

Exciting day @AbertayCyber! We had the pleasure of hosting a guest lecture from @diej_99 from @Skyscanner, who shared their insights on bug bounty programmes. A great opportunity for future security pros to learn from real-world practices!

English

305

diej ☠︎ retweetet

xyzeva@xyz3va·20 Eyl

kibty.town/blog/arc/

ZXX

283

37.5K

diej ☠︎@diej_99·21 Ağu

@windymeck @palanttt @0x_Am9u @0x_Am9u el osito y yo el abuelete

Español

haizea@windymeck·21 Ağu

@palanttt @diej_99 @0x_Am9u adivinad quien es quien

Español

144

flor@palanttt·19 Ağu

el primer grupo que te haces en la facultad

Español

251

14.4K

182.9K

2.2M

diej ☠︎@diej_99·6 May

@StopForumSpam @rootsecdev is it? i guess there's a trade off between security and enabling teams by letting them deploy the resources they need. guardrails in deployments seems another alternative ,one that scales better IMO. having said this, visibility and ownership are still big problems to solve

English

StopForumSpam@StopForumSpam·6 May

@rootsecdev deployment of servers should be prohibited by management group policy, nor should users be permitted to deploy servers... this should be a service principle privilege. best defense is to not allow the deploy

English

967

rootsecdev@rootsecdev·6 May

Table Top Scenario: A Nation State has gained full access to your cloud by finding a dormant privileged account that never rolled into MFA. Attacker sets up a tiny linux server with a public IP address in one of your internal virtual networks so it won't be noticed in your billing invoice. Are you monitoring for new assets created in your cloud? Feel free to discuss.

English

15.1K

diej ☠︎@diej_99·1 May

@elemelonsv lasai, eztu asko iraungo 😈 twitter.com/hackerfantasti…

hacker.house@hackerfantastic

Lennart Poettering intends to replace "sudo" with systemd's run0. Here's a quick PoC to demonstrate root permission hijacking by exploiting the fact "systemd-run" (the basis of uid0/run0, the sudo replacer) creates a user owned pty for communication with the new "root" process.

Euskara