Quick win

I'm at HackSpaceCon! My daughter & I created a #cybersecurity challenge. Though we are using an LLM to create the HAQ.NEWS site, what folks don't know is that we used ElevenLabs to create Gracie's daily podcasts. All 65 of them, except 1. Find the real episode…

> Create a pixel art image of cybersecurity roles

Sure, the pentester looking like ROB the Robot is weird, but the compliance officer is about to shank someone, and the threat hunter is CLEARLY pooping

Uhh...

Looking forward to this one! mosesrenegade - #ReInstall #OnPrem #AD is an absolute wizard

He is risen!

Bill INTENSIFIES

Check out my new parody music video, 'Closer to Prod' on #YouTube ! Prepare to laugh and see a whole new me!!!! If you like Nine Inch Nails, you will love this!

youtube.com/watch?v=Mt4RIb…
#NIN

Me: Man, you have a lot of open browser tabs!

Also me:

Hey friends... Holiday Hack 2024 is gonna be something like you've never experienced before. The whole timing of our roll-out and the feel will be totally revolutionized. For a tiny example, just wait 'til you see the scoreboard(_s_)... 😀👀🎅

Made some QOL improvements for QScanner:
- Compile script via Docker (no wrestling Golang versions)
- Python script to convert your Nmap XML output to the Zmap-style expected by QScanner for input

github.com/chriselgee/QSc…

I called up my buddy Jack Rhysider 🏴‍☠️ from Darknet Diaries and I asked him about his Dad, CactusCon , and if Jack has any advice for job seekers in this difficult job market.

Must-read article for pentesters:
isc.sans.edu/diary/Scanning…

Bojan Zdrnja and friends did an amazing job analyzing QUIC and built a tool to scan for it

If you read to the end, you might even find a super clever C2 idea!

#RealTalk

OK, but what if it's my JOB to social engineer these people?

Looking forward to Austin next month! It's extra nice when there's other stuff offered during a SANS event:

youtu.be/tsTADy3XYi8?si…

Unsought opinion/prediction:

The first major 'AI is alive' claim will come from an LLM provider who claims that destroying their model is tantamount to murder

investopedia.com/new-york-times…

I'm pretty sure there's a joke to be made about Moses parting the Red Sea... But this is just icky.

This is such a hard problem to fix - let alone prevent in the future. Anyone else happy this is not your job to fix?

Sorry, platform ate part of the command. That plus more now live as a gist:

gist.github.com/chriselgee/f40…

One-liner for collecting possible target org subdomains, based on certificate transparency logs:

curl -s 'crt.sh/?q=counterhack…' | jq -r '.[].name_value' | sort -u