Der Benji ✨ (@spreadthekaozz) 's Twitter Profile
Der Benji ✨

@spreadthekaozz

Father, #DevSecOps, #InfoSec enthusiast, agilist with common sense, and anarchistic chaot (AD&D: Chaotic Good)

ID: 808300697452220416

Link: https://benjitrapp.github.io | Date: 12-12-2016 13:21:18

2,2K Tweet

130 Followers

1,1K Following

Bilgin Ibryam (@bibryam) 's Twitter Profile Photo

"How Cloud Computing is transforming from raw infra to app-centric services" Longer blog post 👉diagrid.io/blog/evolution… TLDR of timelines, app, infra, API changes 👇🧵(0..4)

0xor0ne (@0xor0ne) 's Twitter Profile Photo

Cool secure boot bypass by fault injection in (Espressif) ESP32 CPUs by LimitedResults limitedresults.com/2019/09/pwn-th… #embedded #iot #hardware #faultinjection #infosec

Blue Team News (@blueteamsec1) 's Twitter Profile Photo

BREAD: BIOS Reverse Engineering & Advanced Debugging - an 'injectable' real-mode x86 debugger that can debug arbitrary real-mode code (on real HW) from another PC via serial cable. dlvr.it/SnDk4F #cyber #threathunting #infosec

MG (@_mg_) 's Twitter Profile Photo

Y’all just use 1 data blocker for safe USB charging? Why not use 20 and hope you have enough layers to protect yourself, just like enterprise security services!

LaurieWired (@lauriewired) 's Twitter Profile Photo

I believe I just discovered a novel technique to get ChatGPT to create Ransomware, Keyloggers, and more. This bypasses the "I'm sorry, I cannot assist" response completely for writing malicious applications. More details in the thread.

rootsecdev (@rootsecdev) 's Twitter Profile Photo

Microsoft needs to disclose how the MSA consumer account signing keys were stolen. It’s creating a unique problem of distrust in customer reliance on cloud services. This is on Microsoft. At present the explanation is not good enough. Mail Items accessed is throwing up a wall

Dr Milan Milanović (@milan_milanovic) 's Twitter Profile Photo

𝗗𝗼 𝗬𝗼𝘂 𝗡𝗲𝗲𝗱 𝗧𝗼 𝗞𝗻𝗼𝘄 𝗔𝗹𝗹 𝗗𝗲𝘀𝗶𝗴𝗻 𝗣𝗮𝘁𝘁𝗲𝗿𝗻𝘀? The answer is no. Even though we have 23 design patterns, around ten are mostly used in everyday development. Knowing which patterns exist overall is good, but you need to know these very well. Design

Florian Roth ⚡️ (@cyb3rops) 's Twitter Profile Photo

Citrix NetScaler ADC CVE-2023-3519 resources
-- Compromise Assessments
Cybersecurity and Infrastructure Security Agency advisory cisa.gov/sites/default/…
Deyda guide deyda.net/index.php/en/2…
-- Vuln Checks
Python github.com/telekom-securi…
Nmap NSE script github.com/RootUp/Persona…
I'm gonna add more links in this🧵

Justin Gardner (@rhynorater) 's Twitter Profile Photo

I've made over 100k on SSRF vulnerabilities. They aren't always as simple as pointing it at localhost or AWS Metadata service. Here are some tricks I've picked up over the past 5 years of web app testing:

dax (@thdxr) 's Twitter Profile Photo

1. hashicorp locks down terraform license 2. this forces a bunch of companies to get together to fork it into OpenTF 3. it’s on track to be part of CNCF and has more resource allocated to it than Hashicorp’s version at this point Hashicorp should just use OpenTF themselves

Santiago (@svpino) 's Twitter Profile Photo

Scrum is a cancer. I've been writing software for 25 years, and nothing renders a software team useless like Scrum does. Some anecdotes: 1. They tried to convince me that Poker is a planning tool, not a game. 2. If you want to be more efficient, you must add process, not
