Cybersecurity professional with an interest/background in networking. Beginning to delve into binary exploitation and reverse engineering.

  • 1 Post
  • 127 Comments
Joined 1 year ago
cake
Cake day: March 27th, 2024

help-circle




  • I’m not saying radiation like nukes. I’m saying that you treat cancer with radiation even though it kills nearby healthy cells. We tried surgery by electing Biden, but he didn’t get all the cancer. Maybe if a fucking rabid dog had been appointed to the DoJ instead of the feckless Garland it could have worked, idk.

    The weaknesses in the American systems of government have been both discovered and exploited. There’s no coming back from these systems being broken. It’s time to treat the cancer with radiation by building new systems.

    What kind of person reads my first post on context and assumes I’m talking about nuclear war? I feel sorry for you bro.








  • Recommending that somebody upgrade their hardware that is currently working fine because your hardware took a dump is the literal definition of anecdotal evidence.

    I’m not saying that you did anything wrong by updating, I’m saying that you shouldn’t be implying that your experience “dodging a bullet” means other people have bullets coming at them.

    When does it stop btw? How many years old does hardware have to be for you to feel like you need to upgrade when nothings wrong? (Am I misinterpreting what you said? I thought you said you ordered new stuff before your current system threw a bsod.) Why not buy two of everything when you upgrade and just have cold spares lying around?

    To be completely fair though, a 3600 is prolly a bit long in the tooth for certain games, if that’s what you do. I mainly play the finals and I’m having to fight the urge to upgrade my 5800x. It’s good enough, but a 5800x3d isn’t enough of an uplift to justify it and the current performance isn’t bad enough to justify the price of an upgrade to a new socket. I feel like if I was still on a 3600 I’d have pulled the trigger on the upgrade already.

    Edit - Also that can absolutely be a transient error. It can be related to too high fclk and/or vsoc voltage, etc. But you’ve already replaced the parts so it doesn’t matter.


  • No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.

    Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database: https://insecure-website.com/customer_account?customer_number=132355 Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, bypassing access controls to view the records of other customers.





  • Just to be clear, I will absolutely create new domain users or add my own ssh keys to an authorized_keys file to escalate privs or move laterally through a network while I’m “hacking”.

    Also a malicious actor opening a reverse port forward tunnel with ssh allows them to punch a hole to them on the WAN side of the network when they’re dealing with NAT or firewall rules. If a system is truly airgapped then that accomplishes nothing. You’d need something plugged in to the airgapped system or airgapped network to bridge that air gap, like a usb adapter that has a SIM card in it.



  • My coworker was having difficulty starting and is trying to commit to finding at least one hour a day during the week, and that’s been pretty successful for them. My issue is that I get completely consumed by it. Like ignore my family, ignore food, ignore everything, get off work at 5pm and rip offsec until 1am, rinse, repeat, and I’m like enjoying life and other hobbies and stuff right now lol.

    Is there any specific offsec course/cert you’re trying to get going on? I’m super privileged in that my employer pays for the Learn Unlimited, so it’s easier to slack off on the training. When I was self-paying for individual courses it was much easier for me to hold myself accountable because I only had 90 days of lab access, and it was my money on the line.


  • I’m not currently working on anything projects or anything. I’m slowly getting back in to the OffSec training grind. I took a “short break” while working on my OSED over a year ago and am just now hopping back into it. I’ve already got my OSCP/OSEP/OSWE, so really gunning for this OSED for the OSCE^3. It has been extremely difficult to get back into a routine of doing training every day.