Scriptmonkey_

7.3K posts

@scriptmonkey_

Tester of Pens, Ex-Teamer of Red things, now with a more purpley shade. Biker and Recovering Eve-Online Addict. o7 [email protected] & https://t.co/QvMpQ3IQwQ

United Kingdom · Joined June 2010
1.3K Following · 1.4K Followers
Pinned Tweet
Scriptmonkey_@scriptmonkey_·
Bang on Iain! As much as the example in the blog post works, getting C2 over any form of filesystem is the real gem here. Even locally for privesc, get a system shell without worrying about proxies for example. Looking forward to seeing what folk come up with use-case wise.
@[email protected]@strawp

This is such a cool C2 channel technique. Use network file share, RDP mapped drives and anywhere else more than one host sees the same filesystem as a C2 channel which really doesn't get logged. Simple but effective!

Scriptmonkey_@scriptmonkey_·
@0xTib3rius @WifiRumHam May I offer you a name suggestion for your merger? The Cyber Reconnaissance and Autonomous Penetration Suite for Heuristic Offensive Operations and Testing #CRAPSHOOT
Tib3rius@0xTib3rius·
I am about to COMPLETELY disrupt the cybersecurity industry...💀💀💀 Presenting the Continuous Reasoning AI Pentester! Multiple AI agents running every security tool under the sun against your environment, at record speeds. Full pentests achieved in less than AN HOUR. Zero human input. One hundred percent success.
Scriptmonkey_@scriptmonkey_·
@TNHillbillyHack @domchell Which ethically brings it back to assume breach. Humans will fold under the right pressure, if you want to simulate the coercion of someone. You read them in and use them as your foothold. I don't need to bribe a call center employee, they just have to follow my instruction.
Warrior of America's Ragnarök@TNHillbillyHack·
@domchell Full scope is the future of Red Teaming, no matter what tool/control you deploy, people are the weak part. I once proposed to a client something so awful morally but not beyond scope for real bad guys, wouldn't even let me dial it back to bribing call center employees.
Dominic Chell 👻@domchell·
My thoughts are yes, red teaming has got significantly harder over the last few years. The knock-on effect is:
1) engagements need more time,
2) teams who don't invest heavily in R&D (either in-house or outsourced) will be left behind,
3) there's less things shared publicly as a consequence,
4) lots of teams have tried to compensate by assuming breach, which as a result has led to less innovation in the IA space.
However, I disagree that IA is anywhere near dead even targeting the top 1%. The vast majority of our engagements have a large IA component and we're still successful in >75% of cases. Yes the points mentioned are a pita:
- AWL is a great control, but there's equally a plethora of file formats that support scripting; get creative
- Yes MOTW restricts some things - but there's a variety of ways around it if you're creative (and I'm not talking about ISOs 🙄)
Chris Spehn@ConsciousHacker

I guess we'll talk a bit about modern red teaming. The difficulty has increased severely. Lots of people be like just vibe code a stage0 with legit code for your pretext. How are you delivering it to bypass app control? Lots of words, no substance.

Scriptmonkey_@scriptmonkey_·
@Officialwhyte22 D. As you asked - most likely. The chance my mate's wifi is being targeted is low, and ET will generally affect other devices and is usually accompanied by deauths. So they're targeting my device only, but at my mate's? Nah. It's D or E: my mate's being a dick and fucking with me.
Winston Ighodaro@Officialwhyte22·
Ethical Hacker Question
You connect your laptop to a friend's Wi-Fi. Later, you notice:
- Your browser keeps redirecting to login pages
- HTTPS certificates look different
- Other devices on the network behave normally
What is the MOST LIKELY issue?
A. Evil Twin Wi-Fi access point
B. Broken browser cache
C. Outdated TLS version
D. Normal captive portal behavior
kanav@kanavtwt·
is it userId, userID or user_id?
Scriptmonkey_@scriptmonkey_·
@UK_Daniel_Card I don't get the need for rage. Surely it's... From ffmpeg: "you're welcome to submit a pull request". From sec researcher it's: "I've given <project> all the time I'm willing to. Time for a CVE." From user it's: "ffmpeg has a vulnerability we do not like, we'll switch to xyz"
mRr3b00t@UK_Daniel_Card·
Look how mad some people get.... it's insane really....
Karl (RIP )@supersat·
Found this beauty in the Rise of the Resistance queue at @Disneyland It seemed FAR too realistic, even by Disney standards, to be a random custom-made prop (1/2)
Karl (RIP ) tweet media
English
6
1
75
92K
Scriptmonkey_
Scriptmonkey_@scriptmonkey_·
"OpSec is hard" if you think this and you've only worked on an external team. Just wait until you work for an internal one. 😅
Scriptmonkey_@scriptmonkey_·
@hakluke Might be too in the weeds, but the fact that, for some reason, the world appears to have happily renamed DLL Hijacking to DLL sideloading despite its specific meaning grinds my gears.
Luke Stephens (hakluke)@hakluke·
What’s your cybersecurity take that’s got you like this? I’m heading out but when I’m back I’ll drop some of my own in the comments.
Scriptmonkey_@scriptmonkey_·
@BaffledJimmy Very similar to one of my favourite presenters on leadership and team dynamics: Nickolas Means youtu.be/099cHWSbAL8?si… He's done a few (Three Mile Island, Fukushima, etc.), might be worth a look :) Would definitely watch you presenting similar at a con aimed at cyber.
Scriptmonkey_@scriptmonkey_·
@downpressor @IceSolst Wrong perpetrator and the wrong law. Try thanking the commercial entities who deliberately employ hostile UX and the amendments to the ePrivacy directive in 2009 which is when cookie notices became a requirement. None of the privacy laws force providers to use hostile UX.
solst/ICE of Astarte@IceSolst·
Absolutely meaningless to 99.9% of your users, serving solely to enshitify the experience in spitefully malicious compliance. Complete failure of a control.
Kr$na@krishdotdev·
Which one do you prefer?
- userID
- user_ID
- UserID
- userId
- user-id
Sam ☕@samirande_·
What's stopping you from becoming like him?
Scriptmonkey_@scriptmonkey_·
@_CRUXNET @arpeyton @nickvangilder No, not at all. I'm saying an entry-level penetration tester is not an entry-level IT position. Hence why I'm already expecting them to have experience in IT and apply security concepts to their domain experience.
Nick VanGilder@nickvangilder·
I would argue that the massive flood of new people trying to “break in” as juniors has actually raised the bar for juniors. Every day, hundreds of people wake up and decide they want to become a 5up3r l33t penetration tester or hax0r. And that’s awesome. There’s two problems though: 1) there just aren’t that many penetration testing roles available and 2) employers want to hire the best of the best. We might not like it, but when there’s a major surplus of candidates (and there is), employers can afford to be picky. And they will be. Can you blame them? That’s just supply and demand at work. When the market shifts and there’s a shortage of qualified talent for these roles, requirements loosen. But right now? The market’s flooded, the bar’s getting higher, and the competition is fierce. Plan and adjust accordingly.
Scriptmonkey_@scriptmonkey_·
@_CRUXNET @arpeyton @nickvangilder That's not really an answer to what I stated. Yes, compliance will be part of a junior's job (in as much as it's part of a senior's too) but it isn't (or shouldn't be) all a junior is expected to do. If I needed that, I'd employ a Vuln. Analyst as part of a Vuln Mgmt team.
Luke Stephens (hakluke)
If you had to pick ONE cybersecurity news source what would you pick?
Scriptmonkey_@scriptmonkey_·
@nickvangilder For me, an entry level in penetration testing is not an entry-level position in IT. They should have experience across the domain already that they can apply to identify security issues. I think that's the issue here: lots of people thinking junior = "just nessus" when it's not.
Scriptmonkey_@scriptmonkey_·
@_CRUXNET @arpeyton @nickvangilder Why are you expecting your entry level staff to do nothing but run nessus? I'm expecting them to apply their knowledge across the IT domain to find holes and misconfigurations in security. Your concept of entry level for penetration testing seems off.
CRUXNET@_CRUXNET·
It's absolutely not appropriate for junior level cybersecurity roles. The OSCP requires you to pwn 5 computers, two of which are Active Directory, within 24 hours, then write reports on all 5 within the next 24 hours. In no world am I hiring a junior to do all that. Or am I just supposed to underpay an actually experienced pentester? Because to demand an OSCP from someone for a junior role means you're giving them junior pay and if they have the skill to do that why the hell am I hiring them for an entry-level testing position that will at most have them just doing said nessus scans and learning from seniors?
Scriptmonkey_@scriptmonkey_·
@hakluke Alva Duckwall's presentation is worth a look if you're up against 802.1x youtu.be/rurYRDlf1Bo?si… There have been follow-up talks at more recent confs, and tools on GitHub that broadly automate these attacks now, but this starts at the beginning.
Luke Stephens (hakluke)
Red teaming tip: Up against a NAC, but need to plug your device in?
- Plug a switch into the ethernet port on the wall
- Plug a legitimate device into the port that is allowed by the NAC (like a printer or employee laptop)
- Wait for a bit
- Plug your evil device into the switch
- ✨ Access granted ✨