digish0

@BenjDicken And PHP plus HHVM

@BenjDicken Might as well toss JRuby in as well.

More languages, more insights! A few interesting takeaways: * Java and Kotlin are quick! Possible explanation: Google is heavily invested in performance here. * Js is really fast as far as interpreted / jit languages go. * Python is quite slow without things like PyPy.

The media say Trump lied when he told Joe Rogan that industrial wind turbines are killing whales, but he didn't. In fact, it's worse than Trump said. If the wind industry continues with its boats, noise, and vibrations, it will make the North Atlantic right whale extinct.

@hcanes100 @WeAreDlfferent @squawk_hawk @sentdefender There's dozens of examples of intel groups injecting themselves in the supply chains of foreign adversaries and modifying the devices in various ways. Its not hard to imagine a small explosive charge was added to these pagers.

@WeAreDlfferent @squawk_hawk @sentdefender I disagree. You can cause the batteries to heat up and explode. Does someone really think that 2500+ pagers had explosives in them that folks didn't know about. That doesn't even make walking around common sense. Like even Hamas would know that.

Graphic Images from Beirut, showing the Brutal Injuries caused by several of today’s Hezbollah Pager Explosions.

@AccidentalCISO @Jhaddix LinkedIn > Twitter for professional feed and sharing research with like minded audience. Also great OSINT platform.

@Jhaddix But why would someone want to accept most LinkedIn connection requests? 🤣😭

Random but if you wanna automate accepting all LinkedIn requests; you can use this one-liner on your "mynetwork" page: var x = document.querySelectorAll('button.artdeco-button--secondary'); for (var i = 0; i < x.length; i++) { setTimeout(function(j) { return function() { x[j].click(); }; }(i), 3000 * i); } Got to that page and open Chrome dev tools and paste it into the console. 3-sec delay on each click to avoid "too many requsts" ban

Okay so I just connected the dots on something and I feel insane. In 2020 google replaced Ben Gomes with Prabhakar Raghavan as head of search. Raghavan was hired in 2012 as a manager. His previous job was head of search at YAHOO from 2005 to 2012! This guy killed yahoo!

@digish0 and I will be at @CactusCon! If you missed our workshop at DEFCON, we're got a new refreshment on deck for 2024 :)

The CFP for our conference on May 17-19, 2024 is now open! docs.google.com/forms/d/e/1FAI…

Happy Kubecon FOMO week, to all that celebrate 😆

@matthew_d_green I feel like if you cared that much about being tracked you shouldn't be using anything other than a burner phone over a Tor/privately run VPN. After all, Signal knows your IP, its assumed whoever you talk to is not who you're trying to establish privacy from.

I feel like we should introduce this to our CS students during their first year in our program. “How you can precisely control the adoption rate of a feature based on where you place it in the Settings menu-tree.”

I actually did not realize Signal leaked my IP every time I made a call. I guess this is old and well-known?

@Tom14985282 @SamInTampa @PumpkinSnorter @Queen_fennec Yeah, this proposes a scenario where they've already compromised their machine to the point of being able to install a root CA (requires admin), but stealing their bank creds on public wifi later on is the threat model we're concerned about here, not key loggers.

@SamInTampa @PumpkinSnorter @Queen_fennec The only way it would work without th user noticing would be if the attacker stole the private key of one of the user's root CAs, which is extremly unlikely. Every tutorial tells you that you have to install a malicious CA on the victim for it to work... #Create-and-install-root-CA-certificate" target="_blank" rel="nofollow noopener">blog.heckel.io/2013/08/04/use…

Public WIFI is safe enough to use, without a VPN, for almost all users. And yes, even for online banking.

@Tom14985282 @SamInTampa @PumpkinSnorter @Queen_fennec Even SSLStrip doesn't work anymore on modern browsers.

@Tom14985282 @SamInTampa @PumpkinSnorter @Queen_fennec Yeah, I'm convinced this person has never actually used this.

@0xInjuxtice @SamInTampa @Queen_fennec Right, which is why this is an amateur post by someone whose only done CTF's and uses techniques that haven't worked for 10 years cause of modern browsers and ubiquity of https everywhere.

@SamInTampa @Queen_fennec SSLsplit generates its own self signed certs, so the victim would receive a warning message and GTFO no? The only time that wouldn’t happen is if you give SSL split the private key to the cert for the website you’re trying to MiTM, which you’re never going to have (banks etc)

Workshop availability opens within two hours for those attending @Defcon this year. Myself @WHITEHACKSEC @digish0 will be back presenting Creating and uncovering malicious containers redux. Availability goes quickly so be sure to get your ticket (free)! forum.defcon.org/node/246020

28FMsfTQ4z @cackalackycon

@BsidesG You've seemed to have scheduled on top of or near BSides CLT, BSides RDU, Charlotte Cyber Symposium to say nothing of BSides Augusta, Charleston, etc. October wasn't an ideal time. Don't reschedule in April and May, there are NC conferences happening around that time too.

@BsidesG Update your site.

Bsides Triad has been postponed. The event was planned to take place on October 22, 2022, but this has changed due to unavoidable circumstances. There have been many conflicts that have arisen which require the speakers and staff to reschedule.

@BSidesLV Please fix your breaking ground video stream, it hasn't worked since this morning and just showing 3 minutes of a talk