Offensive security (red team), Nak Muay, Jiujiteiro, and carbon-based lifeform with a desire for dopamine- and serotonin-inducing stimulus
Keyoxide: openpgp4fpr:48B47E8B01BDF32ECC0ABE639AC4459B4318B9666
@jerry this explains why the board members suddenly resigned
Spoken at 4 events this year, now speaking at BSides Roanoke coming up in July.
Postman is a security risk and you should pursue other options: https://www.leeholmes.com/security-risks-of-postman/
Lee Holmes | Security Risks of Postman

A bash shell script says SEE YOU SPACE COWBOY whenever you logout from your #Linux and #Unix session https://www.cyberciti.biz/files/scripts/seeyouspacecowboy.sh.txt

PUBLIC SERVICE ANNOUNCEMENT:

There is an increase in account takeovers due to insiders at telco firms simply giving control to people paying them, or to compromised support staff accounts. Do a check on systems where this single factor would permit an account compromise, and change the configuration. These are opportunistic trawling attacks. This is becoming more common as attackers replicate the success.

The attacker uses other channels (like people search websites) to enumerate and guess the phone number attached to an online account and then checks against the telco they have control over.

The insider only briefly forwards the victim's number to a third party, then switches it back to normal once they're in. This is how they stay quiet, since most victims will not have the leverage or telemetry to understand how they got hacked.

It was their cell phone provider.

Make it so account recovery systems require multiple factors and remove telephony-based recovery for VIP accounts entirely.
Go check your systems now. Go try to access all your stuff like you forgot your password.

I am very serious. This is based on private knowledge but is compelled by the compromise of the SEC. This is common now.
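One way to run the check the post asks for, as an added example that is not part of the original post: each account's recovery flow is modelled as the alternative factor combinations that complete a credential reset, and a flow fails if any combination is satisfied by telephony alone (which is exactly what a carrier insider forwarding the number hands an attacker). VIP flows fail if telephony appears anywhere. The account names, factor names and policy severities are assumptions for illustration; the accounts themselves are constructed data.

```python
"""Audit account-recovery flows for takeover via a forwarded phone number.

Added example, not code from the original post. Each recovery flow is
modelled as the alternative factor combinations that complete a credential
reset; a flow fails if any combination is satisfied by telephony alone
(what a telco insider forwarding the number gives an attacker), and VIP
flows fail if telephony appears anywhere. The accounts are constructed data.
"""
from dataclasses import dataclass

# Factors that redirect when a carrier employee forwards the victim's number.
TELEPHONY = frozenset({"sms", "voice"})


@dataclass(frozen=True)
class RecoveryFlow:
    account: str
    vip: bool
    # Each inner frozenset is one complete path to resetting credentials.
    paths: tuple[frozenset[str], ...]


def forwarded_number_suffices(flow: RecoveryFlow) -> bool:
    """True if at least one reset path needs nothing but telephony."""
    return any(path and path <= TELEPHONY for path in flow.paths)


def audit(flow: RecoveryFlow) -> list[tuple[str, str]]:
    """Return (severity, finding) pairs; an empty list means the flow passes."""
    findings = []
    for path in flow.paths:
        factors = ", ".join(sorted(path))
        if path and path <= TELEPHONY:
            # The insider's forwarded number defeats this path on its own.
            findings.append(("critical", f"{flow.account}: reset path [{factors}] "
                             "is defeated by call/SMS forwarding alone"))
        elif len(path) < 2:
            # Not telephony, but still a single factor; the post asks for multiple.
            findings.append(("high", f"{flow.account}: reset path [{factors}] "
                             "is single-factor"))
        elif flow.vip and path & TELEPHONY:
            # Post recommends removing telephony-based recovery for VIPs entirely.
            findings.append(("high", f"{flow.account}: VIP reset path [{factors}] "
                             "still includes telephony; remove it"))
    return findings


# Constructed sample of recovery configurations to audit (hypothetical accounts).
ACCOUNTS = (
    RecoveryFlow("ceo", vip=True, paths=(frozenset({"sms"}), frozenset({"email", "totp"}))),
    RecoveryFlow("finance", vip=False, paths=(frozenset({"voice"}),)),
    RecoveryFlow("analyst", vip=False, paths=(frozenset({"email", "sms"}),)),
    RecoveryFlow("admin", vip=True, paths=(frozenset({"totp", "hardware_key"}),)),
)


def run_audit(accounts=ACCOUNTS) -> dict[str, list[tuple[str, str]]]:
    """Audit every flow and key the findings by account."""
    return {flow.account: audit(flow) for flow in accounts}


if __name__ == "__main__":
    for account, findings in run_audit().items():
        status = "PASS" if not findings else "FAIL"
        print(f"{status} {account}")
        for severity, text in findings:
            print(f"  [{severity}] {text}")
```

The model deliberately treats a path as the full set of factors an attacker must present, so "email and SMS" passes for a normal account while "SMS only" fails; feeding it real data means exporting each system's recovery options rather than its login options, since the post's point is that recovery is where the single phone factor usually hides.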

CackalackyCon 2024 - Call For Papers

Greetz to all h4x0rs, stuff-breakers, InfoSec pros, g33k girls, international spies, and script kidz, CackalackyCon will occur on May 17-19 2024 in RTP, North Carolina (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, lock circumvention, etc. (but mostly hacking), and you are interested in presenting at CackalackyCon, we cordially invite you to submit your proposal. First round will close on January 15, 2024 midnight EST (form submission timestamp). Some proposals will be accepted early. All submissions are due by February 16, 2024 midnight EST (form submission timestamp). Please review our “Tips For Getting Your CFP Submission Selected” before submitting. We value diversity so please don't hesitate to propose your ideas no matter how outlandish (following the Code of Conduct). If you are selected to present at the Con, you will receive: - Free CackalackyCon admission for you and one guest - Unlimited fist bumps from our staff - A reputation (not necessarily a good one) - Other swag Peace, The CackalackyCon Staff


I'll be copresenting another workshop with @threlfall at cactuscon.com

See you there.

[1/2] Almost six months ago the Director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, directed the Technical Advisory Council (TAC) of the Cybersecurity Advisory Council (CSAC) to answer six questions around Memory Safety to help the department understand the challenges and opportunities of Memory Safe Systems Languages such as Rust, Go, and Swift.

TL;DR: Memory Safe Systems Languages are becoming mature, hyper-scale companies are doing incremental rewrites, there are additional protections that should be used in non-memory-safe languages such as C++, and you should start to develop your roadmap. Please read the report. 😎

Since the TAC started working, Memory Safety has become a hot topic, with the NSA joining CISA to release "The Case for Memory Safe Roadmaps".

Last week the TAC submitted our final report at the quarterly public meeting and I'm pleased to link it here:
https://www.cisa.gov/sites/default/files/2023-12/CSAC_TAC_Recommendations-Memory-Safety_Final_20231205_508.pdf

#CISA #MemorySafety #Rust #golang #swift

@thijs Bitcoin, I mean, if you're offering rewards, you need a bug bounty program, either in house or outsourced.

There are lots of issues and liabilities with sending payments to unverified individuals that your company may want to avoid. Send to some account that is on, or ends up on, the Treasury SDN/OFAC list, and now your company's PayPal account and all bank accounts associated with that account and belonging to the same company are frozen.

@thijs A bug bounty program that has all that spelled out and usually has an intermediary that handles transfer of payment.