ippsec

Looking for a video on a specific hacking technique/tool? Check out ippsec.rocks - Searches over 100 hours of my videos to find you the exact spot in the video you are looking for.

@S1r1u5_ It's the black budget problem -- At some point money has detrimental returns. I strongly believe if you have 1 year and you give a team 50 million you will get a much worse product than if you gave them 2 million.

it’s kinda surprising how quickly xbow became a corporate slug. their blogs rarely have anything novel, their twitter reads like generated marketing slop, and for the amount of capital they’ve raised, i would’ve expected way more ambitious research, experiments, and weird ideas.

@HackingDave Is this a new thing? Or is it just new to be this open about it? I am upset I can't use Mythos but I've always felt there was a big difference in tooling between little/big guy. Just feels like there's a new & bigger player now and they are more open about their capabilities

The gatekeepers today in AI are IT and Security for the Enterprise. Who will be selected, how it will be used, how much will it be adopted. Let’s release a model that can’t be remotely used for any of these today - gonna be a good idea. #Fable

And yup, know its a bit odd skipping intros and just getting right to it, but intros would require planning which introduces procrastination. pod.link/1896901842

Wanted an excuse to chat with old friends and see what they thought about the latest headlines. Figured we'd hit record and see if other people enjoyed listening to our banter. Let me know what you think.

@ippsec, @pure_strug and I just launched Adversarial Input. Every other week, we’ll talk through what’s happening in AI from a cybersecurity perspective and try to cut through the hype to figure out what’s actually real. First episode is live. Would love to hear what you think: pod.link/1896901842

It's stupid ideas like this, which give me hope that AI will be worth it in the end.

Watching @ippsec inspired a question - How does auto-calibration (-ac) work in ffuf? Let's explore it! youtube.com/watch?v=scHcQI…

@shenetworks Out of context that is actually a good tweet as I initially took it as intellectual property…. until I saw the name 😂

“The more you tweet the more I can track your IP” will always be a certified classic

@lawndoc @apiratemoo It is a 10.0 CVE on software that does not have any real risks associated with patching and doesn't require a reboot. If an organization is thinking about priority in this case, I would hate to run an audit on their environment... Especially after the recent flood of CVEs

@ippsec @apiratemoo I know you don't need to see the exploit, but more context does help with prioritization if you're a consumer. For this nginx example, you'd give patching this CVE more priority if there was also a known LFD vuln, but you'd have to understand that LFD makes the RCE possible.

Legit question: How is this ranked a critical? ASLR has to be disabled - that's default on. You would have to get lucky AF?

@lawndoc @apiratemoo You shouldn’t need to see the exploit to triage or patch. However, I do have videos on those chains.

@ippsec @apiratemoo Is there a concise source with these kinds of chains like your example of Heap Buffer Overflow + Local File Disclosure -> ASLR bypass That sort of thing would be really helpful for defenders triaging vulns who haven't dedicated a lot of time to learning exploit dev

@UK_Daniel_Card @AICyberHome I think it is rare for the TA to turn around and sell the breach advertised as the company breach. They likely sell it as a "combined list" with the victims name removed. Which in terms of PR is an infinitely better outcome for the victim than a public dump/outage/etc.

@AICyberHome there's a lot of risk the TA lies, takes your money and sells the data anyway

Did an IR team advise them to pay? Did an insurance firm advise to pay? Who advised they pay the criminals????

I've only read between the lines, but I think the crux of the issue is the reduction in pay is due to changing departments because the role no longer exists. I don't think FMLA really provides any protection in that case as it is not retaliatory, it's likely just an unfortunate coincidence. Why do I think that? Because the person in question was visible under a title that is not "Penetration Testing". When you have your picture on a public website for your company, I think it is expected that position have a large salary tied to it. I imagine that position got removed, they moved to a penetration tester (doing the right thing to not fire them). During some audit, they realize they didn't adjust the pay during the move and when correcting it something happened which caused this all to blow out of proportion. Talking about it over social media made it worse. It's reasonable to be let go at that point. Is it retaliatory? Idk. Given the context of the original messages, I'd say it is but not illegal. I'm really grasping at straws for the next part but I'm guessing to try and plug the PR Disaster. The original employment contract/agreements were brought up and one of the parties thought that included a non-compete. I only say that because the founder says they removed it, never enforced it, and there is plenty of other people leaving the company and working for (or becoming) competitors.

I’m glossing over a lot here but additional laws prevent discrimination against pregnant parents both pre and post birth. This includes retaliatory measures such as constructive dismissal, reduction in pay, and harassment.

Chiming into this not to dog on any party involved or just to be apart of the conversation but as someone who has experience with labor relations in tech. I’m not a lawyer and every state is different laws so YMMV. I’m a fan of BHIS and have no reason to hate them 1/?

There has been a lot of talk about BHIS and our maternity and employment policies. Please check out the following site for more details. blackhillsinfosec.com/bhis-employmen… Thanks!

@MJHallenbeck Metasploit does support python/go/etc already -- The value of Metasploit isn't really the core, it is the community that keeps exploits up to date (and does Q/A). Just forking it to python wouldn't magically bring the community over to the python edition

Everyone has been going insane over AI and nobody has had it rewrite Metasploit in Python or any other non garbage language? I'm shocked.

@x509dot @LiveOverflow Didn't say it was purely bug bounties.

@ippsec @LiveOverflow 500-1200 from paid bounties

Max amount you spent on AI subscriptions or API tokens in a month?

@0xTib3rius Haha I just don’t think I’m sane enough to have that type of opinion. Tenure is no longer rewarded. I’ve had friends in similar positions and my comment to them was always lay low, do the bare minimum while you job hunt as it takes time to fire for laziness.

@ippsec It's of course fine to have differing opinions. If you had two friends be treated like shit by the same company, you may feel the same way I do.

I'll re-tweet my own reply because honestly we should call out shitty companies more often. Have seen two friends get screwed over by BHIS now. One got gaslit repeatedly about their work. Didn't have a direct manager they could go to. Working there sounded like pure chaos. They manage to maintain a reputation in the community through free / cheap courses and a card game. That's not enough. If you've ever wondered why I never went to WWHF, well now you know.

@MJHallenbeck I'm guessing you are thinking of bustakube.com - Not sure how up to date it is.

Is there a DVWA for Kubernetes? I swear there was a good one but I cant find it...