raildex1

Self hosted gitlab looks better each day

@Void_Sec @justandrijana @offensive_con Not OP but it’s this one! I also enjoyed it as well amazon.com/BePuzzled-Lege…

@justandrijana @offensive_con Wait wait, where did you get the puzzle!? I'm a huge collector

Had a really great time at @offensive_con this year, wonderful people, talks and parties! Thank you for making it so incredible! See you next year with even better gifts 🧡 FYI I guess the brain works best on Sunday morning, after the last day to solve the games! Sword 🗡️

@nnwakelam Yogyakarta is definitely safer - good chocolate museum there too.

@nnwakelam Jakarta is definitely a rough spot, have to be super attentive - good cheap street food and places but yeah. Only place don't use airpods or phone out in streets or else getting robbed.

Nearly got violently robbed by three bike drivers in Jakarta. Life comes at ya quick

@EubardWells @thedawgyg They have easier ways to get what they need depending on target. And they can pay virtually unlimited $$$ to buy 0days if thats needed (and why block on chromium when baseband w/ app processor is more stealthy and slower to patch). It’s mainly issue tracker slop backlog sadly.

@thedawgyg @TheRaildex1 May be they want to keep the zero days intentionally to support the SPY AGENCIES!! yet you are defeating them in every possible way and they cant add more zerodays intentionally just cause you gonna find them sooner #google #zeroday

3 weeks of complete radio silence since giving the Chrome team the RCE exploit... And people wonder why some choose to sell to exploit brokers instead lol

There’s an astronomical skill gap between good security people, and the rest. There’s no mid. Accounts you see posting their research here are absolutely cracked, it’s not the norm. When you go out and talk to security folks that don’t go to conferences, don’t read up on research, you realize- holy shit. They have no fucking clue. The majority of the cybersecurity work force is absolutely incompetent. It’s partly why vendors can come up with inane bullshit as marketing material and it works on many CISOs. If you’re reading this, you’re most likely 1000x the skill level of the average person. Like I cannot emphasize enough how low the bar is when the sample size is the entire industry.

@thedawgyg Question - from 0 fuzzing experience to becoming a fuzzing hero how long it did take you?

Confident that I should finally receieve my first Google bounty. Hoping its the first of many. Setting a personal goal of finishing in the top 5 for one of their VRP programs (or overall) for 2026 🤞🤞 (no idea how they do points tho, so not sure thats possible)

@curi0usJack CTI companies scraping everything (and most not adding any value) and charging 5-6 figures a year plus 4-5 figures per analyst, and EDR vendors sending or threatening lawsuits when you bypass their detection would do it.

Feels like the infosec scene on social media is drying up for some reason. My infosec list is mostly cat pics and a few blog posts now. Makes me wonder if people are just sucked in to AI at the moment. And before anyone cries bluesky at me, I checked and for the most part it's a bunch of dead accounts and political takes over there also.

We’re so hyped on the below release. So hyped we’re doing some giveaways! We are giving away 8 free seats to our Advanced Client Side course. All you have to do is retweet and like the below post! Winners chosen next week 🫶

@nnwakelam A desk mat like the Orbitkey ones in leather is good. As you have a cat you’ll need to cat-proof the office (so any wiring such as ethernet/power wiring will have to be enclosed/covered), locked cabinets. Desk will need undertable solution for storing PSU bricks etc.

I’m moving to a new apartment and am going to setup a proper office. Does anyone have any recommendations? I’ve got a good computer chair. More desks, laptop stands, anything that made your life significantly easier or that you wouldn’t live without

Us-east-1 down… quarter of the internet stops working 😅

@0xMstar OSCP first, but then I’d go for CWEE instead (Gold Annual from HTB). If you want specific appsec - pentesterlab.com/live-training/ for code review, and n-day/research @steventseeley ‘s full Stack course (he wrote the OG modern OSWE course material from memory)

Thinking about doing OffSec’s OSWE certification, is it worth it? Does it really help in landing a good job in application security or pentesting?

So when does the class actions for the $20 in compensation after lawyer fees start for Qantas 😅 (Leak happened, data dumps are spreading everywhere). From what I hear it’s both Individuals and organisation account details.

Well, it happened. The company I worked at for 6 years will be closing and thus I got laid off. This doesn't affect @octopwn operations in any negative ways, but I'm actively looking for a new day job. If someone has something please DM me. Retweets are appreciated.

@infosec_au @mgianarakis Big congratulations!!! 🥳

In 2018, @mgianarakis and I set off to build a platform that would provide enterprises with a realistic attacker perspective of their entire network. At the time, we had just begun to try the phrase "attack surface management" in peer conversations. But the vision was always clear. Find and monitor *every* asset and operationalize leading vulnerability research to provide customers with verifiable exposures before attackers even get a chance to exploit them. Over the past 7 years of bootstrapping Assetnote, I am proud to say we were able to build something that has made a significant positive impact for customers like Checkpoint, Canva, LinkTree, and more. I am also proud of the hard work and dedication of the Assetnote Security Research Team, who over the years, have discovered significant vulnerabilities in Citrix, Fortinet, Zoom, and many more. Being able to quickly operationalize these findings and protect our customers before the CVE is even assigned has always been a highlight of the work we do here. Today, I’m excited to share that Assetnote has been acquired by Searchlight Cyber as the next step in our journey. Not only will we continue to improve our market-leading Attack Surface Management solution, it will include the power of Searchlight’s dark web intelligence capabilities to provide our customers with even more high-signal and actionable information. You can check out the full press release here: assetnote.io/acquisition

"Luce" will also serve as the mascot of the Holy See's pavilion at Expo 2025 in Osaka, Japan. The Holy See pavilion will also display the 17th-century painting "The Entombment of Christ" by Caravaggio.

What goes around… comes around ☕️

Seems to be a current worldwide @CrowdStrike issue causing BSOD. Seen reports form NZ, AU, Japan, India. Some servers and devices are not resuming correctly and are getting stuck in boot loops #crowdstrike #bsod