Watched a pentest demo by our appsec gang at work yesterday. They recommended HackerOne to work on skills. Anyone interested in the occasional pair-pentest? I can do an evening or two during the week and some time on weekends. Let me know.
Need to keep the brain engaged. This scrum stuff is making my noggin mushy.
@PoeticDreamist KV store (I like consul, myself). Message queue like rabbitmq can also help with state.
By a lot, not really a lot, maybe just a handful really, but preferably don't want things to break much as workload increases
Any devs wanna explain to me how they keep state between a lot of independently running services? I want something more elegant than just files, but I ran into problems with more than two fuzzers sharing an SQLite database.
so i guess i'm gonna use ansible. hello darkness my old friend
Intel: find bugs and we'll pay you
Researchers: okay
Intel: NOT IN HYPERTHREADING!!!! WE NEED THAT
current mood: id='UNION%20SELECT%201%2C%202%2C%20(SELECT%20group_concat(TABLE_NAME)%20FROM%20INFORMATION_SCHEMA.TABLES)%20 - %20'&b=%3Cscript%3Ealert(0)%3B%3C%2Fscript%3E&c=%0D%0ATestheader
Also should ask about the solution to DRIVE if it was him https://capturetheflag.withgoogle.com/#challenges/pwn-drive
https://www.youtube.com/watch?v=qDYwcIf0LZw
Anyone tuning into GynvaelColdwind's stream today should ask who wrote all those sandbox escape challenges (so many) in Google CTF Quals, and what was with all the cake memeing
Wow, didn't take long at all for me to start learning something new from this guy's binary exploitation videos. He could use more viewers.
Anyone want to join Google CTF Quals with me and @PoeticDreamist ?
We'll be communicating on IRC irc.freenode.net, channel #ntropy-google-ctf
No more bounties for Control Flow Guard, apparently
Challenge here: https://ctftime.org/task/6000
May get to write on something very related soon if time allows
My (late) exploit for BlazeFox, a CTF challenge with a patched-in JavaScript function for setting any JSArray's length to 420.
https://gist.github.com/n00bSec/666768ba62aed131667c9d2377f4d7de
I hadn't the time to participate while it was running, so I ended up getting a spoiler on the trigger setup from DevCraft a long while ago, here: https://devcraft.io/2018/04/27/blazefox-blaze-ctf-2018.html
In reading their actual exploit now afterwards, I see they took their out-of-bounds R/W abuse in a little bit of a different direction, but did a GOT overwrite, just on a different function.
MWR's Hackfu challenge running until July 23rd
@ragazzonoioso you don't need to trust them. if you are very paranoid, sign releases with gpg. #microsoft won't steal your keys, i'm sure. i'm also sure you don't even need that (though it's good), they won't alter your code.
and nobody is devil except the devil themself (what gender are they?..).
Needed to VM Windows XP for some disaster recovery. Remember this great IE warning?
i need to stop ricing and hardening my system and go make a pizza