Andrew Luke (@sw4mp_f0x)'s Twitter Profile

Andrew Luke (@sw4mp_f0x)

Hacking systems, software, finances, and life.

ID: 350458572

Link: https://pentestarmoury.com/ | Joined: 07-08-2011 20:18:44

394 Tweets

1.1K Followers

433 Following

Andrew Luke (@sw4mp_f0x):

TIL IANA called out MSFT's use of "www-authenticate: negotiate" "This authentication scheme violates both HTTP semantics (being connection-oriented) and syntax (use of syntax incompatible with the WWW-Authenticate and Authorization header field syntax)." archive.is/cnps8#selectio…

Shit InfoSec Says (@infosecsays):

Audit finding: Vulnerability scan results reveal host and domain names Remediation: Redact or obfuscate identifiable information in vulnerability reports Management response: We need that information to know where we need to patch, won't fix

Andrew Luke (@sw4mp_f0x):

"Check if a Certificate and a Private Key match" "Enter your Private Key:" 🤨🤔 Yeah, I think I will pass on that, sslshopper.com

Andrew Luke (@sw4mp_f0x):

Open redirection is possible with relative paths by prefixing with an @ sign: Ex: "mysite.com" + path If path is "@test.com", a redirect to test.com occurs due to how browsers handle a URL like "mysite.com@test.com" Fix: ensure the initial path /
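To make the trick in the tweet above concrete, here is an added JavaScript example (not the tweet author's code) run against the WHATWG URL parser that browsers and Node share. Naive origin + path concatenation with a path of "@test.com" produces "https://mysite.com@test.com", which the parser reads as userinfo "mysite.com" on host "test.com"; the hardened builder requires the path to begin with a single "/" and then re-checks the parsed origin. The host names mysite.com and test.com come from the tweet; the function names and the SITE_ORIGIN constant are illustrative assumptions.

```javascript
// Added example illustrating the "@" open-redirect trick from the tweet above.
// SITE_ORIGIN, the function names and the sample paths are assumptions for
// illustration, not code from the tweet author.

const SITE_ORIGIN = "https://mysite.com";

// Vulnerable: concatenates the origin with a user-supplied "relative" path.
// path = "@test.com" gives "https://mysite.com@test.com"; the URL parser
// treats "mysite.com" as userinfo and "test.com" as the actual host.
function buildRedirectVulnerable(path) {
  return SITE_ORIGIN + path;
}

// Hardened: the target must be path-relative, i.e. start with "/" but not
// with "//" (scheme-relative) or "/\" (browsers treat "\" like "/" for
// http(s) URLs). The result is then built with the parser and its origin
// compared to ours, so a surprising resolution cannot slip through.
function buildRedirectSafe(path) {
  if (typeof path !== "string" || !path.startsWith("/")) {
    throw new Error("redirect target must start with '/'");
  }
  if (path.startsWith("//") || path.startsWith("/\\")) {
    throw new Error("scheme-relative redirect target rejected");
  }
  const url = new URL(path, SITE_ORIGIN);
  if (url.origin !== SITE_ORIGIN) {
    throw new Error("redirect target resolved off-site: " + url.origin);
  }
  return url.href;
}

// Where a redirect actually lands, according to the browser's URL parser.
function effectiveHost(urlString) {
  return new URL(urlString).hostname;
}
```

Note that a leading "/" alone is not sufficient: "//test.com" is a valid scheme-relative URL and resolves to test.com, which is why the hardened version also rejects "//" and "/\" prefixes and re-validates the parsed origin rather than trusting string checks alone.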

Andrew Luke (@sw4mp_f0x):

Wanted to share my Infosec Income Questionnaire again. It can be a very useful resource for hiring and for requesting salaries/raises. We've had a recent surge in submissions getting us to 358! Form: goo.gl/forms/pAeMbeo6… Results: docs.google.com/spreadsheets/d…

Jake Williams (@malwarejake):

CBP having military drones at all? Questionable CBP deploying military drones that were justified to Congress to patrol the border to instead fly over an area of civil unrest? Eek Yeah, nobody cares that MSP inside the 100 mile CBP "border zone" where "nobody has any rights."

Andy Robbins (@_wald0):

Pivoting from Azure back down to on-prem AD opens up some very exciting attack path possibilities. In this post, I explain what Hybrid Azure Join is, target enumeration, and how to abuse Intune/Endpoint Manager to execute code as SYSTEM on target systems posts.specterops.io/death-from-abo…

Alex Birsan (@alxbrsn):

Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies 👇Check the thread after reading for a few bonus facts👇 medium.com/@alex.birsan/d…

Troy Hunt (@troyhunt):

So, the Gab data breach situation: Let's start the bizarreness with their CEO's ridiculous statement tweeted yesterday: x.com/getongab/statu…

Tyler Butler (@primarytyler):

Today I'm thrilled to formally launch a project months in the making. Deploying this tool internally has yielded great results, but our goal was always to release it as a robust, flexible, and low-barrier-to-entry tool for any security team. blog.palantir.com/phishcatch-det…

Andy Robbins (@_wald0):

I'm extremely proud to announce The Attack Path Management Manifesto - our perspective, thoughts, and vision for directly dealing with the problem of Attack Paths: posts.specterops.io/the-attack-pat…