Christian Folini ⛑️ 

733 Followers
319 Following
76 Posts
Author of the #ModSecurity Handbook 2ed, #OWASP #CoreRuleSet project co-lead and trainer. Program chair #SwissCyberStorm. Helmet wearer from 🇨🇭.
I predicted that sooner or later a 🇨🇭 association for the disabled would sue for #EVoting. We're not yet there, but the strong Schweizerische Blindenverband is raising the pressure.
Also: Clear call for #ECollecting
https://www.inside-it.ch/blindenverband-fordert-umgehend-e-voting-20230905
Association for the Blind demands E-Voting immediately

The introduction of electronic voting is meant to end the discrimination against blind people in exercising their right to vote and to stand for election.

I've consolidated a list of security scanner user agents. Many modern ones send a fake UA. But some don't. Here is the list - minus public security services such as ssllabs; all lowercase and abbreviated to the essential keyword:

betabot
bewica-security-scan
dirbuster
fimap
gobuster
havij
hexometer
jbrofuzz
jorgee
libwhisker
masscan
massscan
morfeus fucking scanner
nessus
netlab360
netsparker
nikto
nmap
nuclei
openvas
sitelockspider
sqlmap
sysscan
w3af.org
webbandit
webshag
wfuzz
whatweb
wprecon
wpscan
zgrab
zmeu

I've gone through many, many different sources. Did I miss anything?
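To show how a list like this is actually used on the defending side, here is a small added example (not code from the post or from the CRS project) that matches the keywords above, as lowercase substrings, against the User-Agent field of combined-format access log lines. The log lines, IP addresses and request paths are constructed for the example.

```python
import re

# Keyword list as given in the post above: lowercase substrings of known
# scanner User-Agents, with the essential keyword only.
SCANNER_UA_KEYWORDS = [
    "betabot", "bewica-security-scan", "dirbuster", "fimap", "gobuster",
    "havij", "hexometer", "jbrofuzz", "jorgee", "libwhisker", "masscan",
    "massscan", "morfeus fucking scanner", "nessus", "netlab360",
    "netsparker", "nikto", "nmap", "nuclei", "openvas", "sitelockspider",
    "sqlmap", "sysscan", "w3af.org", "webbandit", "webshag", "wfuzz",
    "whatweb", "wprecon", "wpscan", "zgrab", "zmeu",
]

# Apache/nginx "combined" log format: the User-Agent is the last quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)


def match_scanner(user_agent):
    """Return the first matching keyword, or None if the UA looks benign.

    Matching is case-insensitive and substring-based, so a UA such as
    'Mozilla/5.0 (compatible; Nmap Scripting Engine; ...)' is still caught.
    """
    ua = user_agent.lower()
    for keyword in SCANNER_UA_KEYWORDS:
        if keyword in ua:
            return keyword
    return None


def scan_log(lines):
    """Parse combined-format lines and return (ip, keyword, request) for hits.

    Lines that do not parse are skipped rather than raising, because real
    log files routinely contain truncated or foreign-format lines.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        keyword = match_scanner(m.group("ua"))
        if keyword:
            hits.append((m.group("ip"), keyword, m.group("req")))
    return hits


# Constructed sample log lines (addresses from documentation ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Sep/2023:10:12:01 +0200] "GET /admin/ HTTP/1.1" 404 196 '
    '"-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"',
    '198.51.100.23 - - [05/Sep/2023:10:12:05 +0200] "GET /index.php?id=1%27 HTTP/1.1" 403 199 '
    '"-" "sqlmap/1.7.8#stable (https://sqlmap.org)"',
    '192.0.2.44 - - [05/Sep/2023:10:13:40 +0200] "GET /blog/ HTTP/1.1" 200 5123 '
    '"https://example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
    '(KHTML, like Gecko) Chrome/116.0 Safari/537.36"',
    '192.0.2.44 - - [05/Sep/2023:10:14:02 +0200] "GET /wp-login.php HTTP/1.1" 404 196 '
    '"-" "WPScan v3.8.22 (https://wpscan.com/wordpress-security-scanner)"',
    "this line is deliberately malformed and must be skipped",
]

if __name__ == "__main__":
    for ip, keyword, request in scan_log(SAMPLE_LOG):
        print(f"{ip}\t{keyword}\t{request}")
```

Because all keywords are lowercase and matched as substrings, the check is cheap enough to run over every line, and ordinary browser UAs contain none of them. As the post itself notes, many scanners send a fake UA, so a hit is a low-cost signal for triage and rate-limiting, not a control you can rely on for blocking.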

1st real use case for ChatGPT where it allows me to perform something I would not attempt without assistance:

Qualify a list of ~2K user agents I grabbed from GitHub. ChatGPT tells me if they are popular at all and what their use case is.

Working with the CLI by @mmabrouk_.

The video of my @1ns0mn1h4ck keynote

"Crazy Incentives And How They Drive Security Into No Man's Land"

is now online.

Watch this if you believe in Bug Bounties, pie charts or if you think the shepherd got bad press when he cried wolf too often.

https://www.youtube.com/watch?v=612Pi_yk3s8

(KEYNOTE) Crazy Incentives And How They Drive Security Into No Man's Land by Dr. Christian Folini


Difficult question:

I'm facing a situation where I need to prepare an architecture including backup that will allow to remove user data in the future, also from the backups.

What design options do I have?
Where can I read about this?
Who do I need to talk to?

In a recent interview I explained that building trust in #EVoting will take many years - if ever.
And that it can only grow through successful management of failures and crisis.

The interview is part of a series in the 🇨🇭 @inside_it magazine. Thanks Thomas Schwendener for the great questions!

https://www.inside-it.ch/e-voting-report-vertrauen-ist-eine-funktion-der-zeit-20230404

E-Voting Report: "Trust is a function of time"

Christian Folini moderated the E-Voting expert dialogue. We spoke with this critical observer of the digital voting channel about pitfalls and opportunities.

PortSwigger has closed The Daily Swig and I've been made redundant, so I'm looking for freelance tech journalism work #journojobs
Switzerland is in the middle of a real storm. Last week, it was a bank, today it was a train ...

The Swiss Cyber Storm conference has been running for many years and we regularly have exceptionally positive feedback from the audience.

Here is my take on how to deliver a great IT security conference. 10 points in the blog post. Here is a brief summary.

https://www.swisscyberstorm.com/2023/03/20/how-to-set-up-a-great-conference/

#1: Know who you are and what you want
#2: A great program is essential (but not for the reasons you expect)
#3: Creating a great program based on a CfP often fails
#4: Creating a curated program is much easier
#5: Create a speaker flyer (you did not see this coming, did you?)
#6: Pay your speakers (at least all their expenses)
#7: Keep the sponsors away from the main track
#8: Treat your speakers like stars
#9: Coach your speakers
#10: Don’t underestimate the catering

As the program chair, I seem to be somewhat fixated on the program. :)

And I will very much defend the need for great sponsors. It's just that handing the main stage over to them undermines the value of the conf - and that's ultimately what they are paying for. So you kind of need to protect the conference from the individual sponsors for the sake of all the other sponsors, since the main stage is a limited resource.


The joys of attending a conference include returning to a 100-message inbox with all the stuff you need to clear out of the way so you can concentrate on the 5 important requests from your customers.