Jeff McJunkin

1.4K Followers
999 Following
21 Posts
Started in ops and blue team, now I hack for a living. SANS author/instructor in Oregon. Founder of http://roguevalleyinfosec.com. GSE #128. He/him.
A new paper shows that less than 2 months of exposure to Twitter’s algorithmic feed significantly shifts people’s political views to the right. Moving from chronological feed to the algorithmic feed also increases engagement. This is one of the most concerning papers I’ve read in awhile.
@wdormann may be interested to hear -- I got the Python 2.7 CERT Basic Fuzzing Framework ported to Python 3 and Windows 11, along with getting MSEC (!exploitable) compiled using VS 2022, working well enough to find exploitable flaws that Claude Code could then build an exploit for:
@egypt, you are loved and missed at Wild West Hackin' Fest. The chess tournament is still going strong, thanks to you starting it.

If you read between the lines on the JetBrains and Rapid7 story, you'll see that JetBrains decided to cut Rapid7 out of the loop on Feb 23, but told Rapid7 that they're "still investigating" on Mar 1.

However you feel about PoCs, technical details, disclosure, etc., it's super inappropriate to lie to researchers who disclosed this to you responsibly about what your plans are.

Refs:

JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities | Rapid7 Blog

In February 2024, Rapid7's vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server. Learn more!

Rapid7
I’m just here to try to reach the geeky kids, maybe LGBTQIA, maybe alt, maybe on the spectrum, maybe just a little weird - and tell them that you can be 40 and have a Star Wars living room, and you can decide to not have kids and still have a life full of meaningful relationships and not regret it at all, and you can be a gamer and learn work skills from it, and you can be single but still do everything and travel the planet, you can be covered in tattoos and piercings and still be a successful business leader & public speaker, you can know trans rights are human rights and still be retired from the military, you can do whatever you want to as long as you show up every day and put in the work and put up a good fight - don’t let the people around you, society, your family, crappy friends, lousy spouses, what “they” told you, or the entropy of it all drag you down. Life can be really unfair, but learn your own personal battles, find your own family, and find meaning in the goofy world.
If you are new here in #cybersecurity, (welcome new influx!) some great hashtags to follow or take a peek at might be: #ThreatIntel #GetFediHired #CyberMentoringMonday #MastodonTips - just a few places to start! There are also almost daily fun photo and post themes, so watch the hashtags on your server and federated!
Pro tip for network & system admins... If you have a load balancer set up in front of your web-facing servers (like OWA, etc.), please consider enabling the X-Forwarded-For header to make log analysis easier during the inevitable IR. This header captures the actual source IP of the request and passes it to the backend server, despite the traffic appearing to come from the load balancer's IP. #infosec #DFIR
X-Forwarded-For - Wikipedia
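One way to put that header to use during IR, as an added example that is not part of the post above: parse backend web-server log lines that carry the X-Forwarded-For value and recover the real client address by walking the hop chain from the right, trusting only the load balancer addresses you know. The log format, the trusted proxy range and the sample lines are all constructed for this example.

```python
"""Added example (not from the original post): recover the real client IP from
backend web-server logs sitting behind a load balancer that sets X-Forwarded-For.
Assumes a constructed log format with the XFF value as the last quoted field;
TRUSTED_PROXIES is a hypothetical load-balancer range."""
import ipaddress
import re

# Hypothetical: the load balancer(s) that sit in front of the backend.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]

# Constructed combined-log-style line with the XFF header value appended in quotes.
LOG_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<xff>[^"]*)"$'
)

def is_trusted(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False          # "-", hostnames, garbage: never a trusted proxy
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer: str, xff: str) -> str:
    """Walk the chain from the right: the socket peer first, then each XFF hop,
    stopping at the first address that is not one of our proxies. Anything
    further left was written by an untrusted party, so it is only a hint."""
    if not is_trusted(peer):
        return peer           # no proxy in front: the socket peer is the client
    hops = [h.strip() for h in xff.split(",") if h.strip() and h.strip() != "-"]
    for hop in reversed(hops):
        if not is_trusted(hop):
            return hop
    return peer               # header absent or all proxies: only the LB is known

def parse_line(line: str) -> dict:
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsed line: {line!r}")
    rec = m.groupdict()
    rec["client"] = client_ip(rec["peer"], rec["xff"])
    return rec

SAMPLE_LOGS = [  # constructed; 10.0.0.5 is the hypothetical load balancer
    '10.0.0.5 - - [01/Mar/2024:10:00:00 +0000] "POST /owa/auth.owa HTTP/1.1" 401 0 "203.0.113.7"',
    # client supplied its own XFF value; the LB appended the real address on the right
    '10.0.0.5 - - [01/Mar/2024:10:00:01 +0000] "POST /owa/auth.owa HTTP/1.1" 401 0 "1.2.3.4, 198.51.100.9"',
    # header not set (LB misconfigured): only the LB address survives in the log
    '10.0.0.5 - - [01/Mar/2024:10:00:02 +0000] "GET /owa/ HTTP/1.1" 200 0 "-"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        rec = parse_line(line)
        print(rec["client"], rec["status"], rec["req"])
```

The third sample line shows why the header matters: without it the log can only attribute the request to the load balancer itself.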

Gooooo @hacks4pancakes!!! Congratulations on your SANS Difference Maker Lifetime Achievement Award - we're so glad you have a whole lifetime ahead of you to keep being awesome. :)

Metasploit's holiday hacking challenge debuts in TryHackMe's Advent of Cyber series tomorrow, December 9: https://tryhackme.com/christmas

For double the holiday fun, @zeroSteiner is also streaming on Twitch tomorrow at 4:30 EST (US). Jump on the stream to watch him add new methods to our #PetitPotam module (for better authentication coercion): https://www.twitch.tv/zerosteiner

TryHackMe | Cyber Security Training

TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

TryHackMe