I'm sick to death of people telling me I should be on this or that social network that's controlled by some billionaire wingnuts. I'm perfectly happy where I am. And I have a strong feeling that we're going to see something of a great migration here soon (fingers crossed).

Meantime, go ahead... say Bluesky one more time.

Sorry to say, archive.org is under a ddos attack. The data is not affected, but most services are unavailable.

We are working on it & will post updates in comments.

disconcerting that "reading a lot of code and thinking really hard" is still unparalleled as a way to find bugs

anyone have a Shodan sig for the Ivanti Avalanche devices? Would like to get some idea of just how many are out there @GossiTheDog

@joohoi is there a way to tell #ffuf to display requests that caused errors? For example, if the same request, no matter the amount of threads, always times out, I want to look into it and figure out what's different about it.

@riskybusiness @campuscodi trying to make sense of the citrix netscaler exploitation reports, we have Imperva saying "a few thousand attacks targeting primarily US and Australian sites" and meanwhile greynoise, who have been given IoCs by bishopfox (the only ones publicly claiming to have reproduced the RCE, given their track record I don't doubt they actually did), are saying they're seeing exactly zero exploitation attempts at https://viz.greynoise.io/tag/citrix-adc-netscaler-cve-2023-3519-rce-attempt?days=3

Thoughts?

I’m a cranky old-web person but I’m just genuinely fucking mystified that the reaction to either Jack’s or Zuck’s new corporate social media landgrab isn’t a loud unanimous laughing “no, get fucked”. Twitter and Facebook were a warning, not an instruction manual.

@riskybusiness @campuscodi the Toyota hack you mentioned on the show is indeed quite funny and a sign of the times that one is able to do this without any repercussions, though it’s worth mentioning they have an unpaid “vulnerability disclosure program” or VDP, which is a bit of a rort for such a big company seeing as they have plenty of dollarydoos to spend rewarding people for running rings around their security. The program exists at https://hackerone.com/toyota?view_policy=true. Interestingly, the terms of these programs often prohibit you from disclosing it publicly, so I’m curious if the hacker even went through that program.
@itm4n is your Insobug challenge available anywhere? Or was it only up during the CTF?