Mike Wooldridge 

Tech geek looking after the cloud infrastructure for a railway ticketing company & Cybersec Masters degree student at the Open University
Study at https://ou.ac.uk
Admin at https://railforums.co.uk
@postmodern I hope that's not the reason - ChatGPT has been wrong (sometimes dangerously so) when testing it with even basic security queries. Though with some of these the limitation is presumably due to its knowledge base being limited to pre-2021...
What five or six things would you recommend the average non-tech specialist, busy, cash-strapped small business do to improve its security? Rough order of importance.
Boosts appreciated!
@Darrenpauli Ooooh good question! Mine would be:
A subscription to a good password manager (ideally one that also allows shared 2FA keys in the vault like 1Password) - top by quite some way.
Other than that:
Eset antivirus license keys / hardware FIDO-compatible 2FA keys (e.g. Yubikey) with NFC for anyone who accesses customer data regularly across multiple devices / Good quality laptop backpack for anyone taking devices outside of the office / Kensington-compatible locks for laptops/POS systems in a customer-facing environment

If your $dayjob is at all related to security, I'd love to hear from you about what type of mobile phone you currently rely on.

I've never really seen a data-based breakdown of the answer to this question, and I'm genuinely curious. Thanks!

p.s. if you vote, please also boost this poll!

iPhone: 53.7%
Google Pixel: 21.4%
Samsung: 10.4%
Other Android: 14.5%
Chilling by the pool on holiday in Tenerife reading Four Internets by Wendy Hall / Kieron O’Hara - such a good outlook on the politics of the internet past, present and (predicted) future.
@zak That’s very cool, thanks for the quick reply!

@zak 100%! Though that does remind me - one particular post I can’t immediately find again was talking about not using 2FA within password managers as there’s a reliance on that service entirely (often, you can reset a password easily but 2FA needs a lot more hoops) whereas phone 2FA apps don’t rely on any additional server availability.

Made me think (even if the substance of where their point was going is questionable) - is there any mechanism either current or planned to overcome the issue of any potential temporary 1Password server issues? (Not that I’ve come across any!)

I made a Burp extension! Are you tired of manually copying request headers from Burp, formatting them like

-H 'User-Agent:Something'

and pasting them into your command to use them with cURL, Gobuster, Wfuzz, ffuf, Feroxbuster etc.?

I sure was. So I made this:
https://github.com/n0kovo/burp-copy-headers-as-args

You're welcome ❤️

#burpsuite #pentest #pentesting #bugbountytips #bugbounty #foss #appsec #hacking #tools #infosec #redteam #redteaming #PentestingTools #fuzzing #bapp

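The conversion the post describes (raw request headers to `-H 'Name: value'` arguments), as an added Python example; this is not the extension's own code and makes its own choices about which headers to drop and how to quote. The skip list and the sample request are constructed assumptions.

```python
import shlex

# Headers a client such as curl or a fuzzer recomputes itself; replaying them
# verbatim usually breaks the request. Assumption: this list is ours, not the
# extension's.
SKIP_HEADERS = {"content-length", "host", "connection"}


def headers_as_args(raw_request: str, skip=SKIP_HEADERS) -> list:
    """Turn the header block of a raw HTTP request into -H arguments.

    Returns shell-quoted tokens like "-H 'User-Agent: Something'". The request
    line and body are ignored; obsolete folded continuation lines are joined.
    """
    lines = raw_request.replace("\r\n", "\n").split("\n")
    header_lines = []
    for line in lines[1:]:          # lines[0] is the request line (GET / HTTP/1.1)
        if line == "":              # blank line ends the header block
            break
        if line[0] in " \t" and header_lines:
            header_lines[-1] += " " + line.strip()   # obs-fold continuation
        else:
            header_lines.append(line)

    args = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue                # malformed header line, skip it
        name, value = name.strip(), value.strip()
        if name.lower() in skip:
            continue
        # shlex.quote handles values containing spaces, ';' or single quotes
        args.append("-H " + shlex.quote(f"{name}: {value}"))
    return args


def headers_as_cmdline(raw_request: str) -> str:
    return " ".join(headers_as_args(raw_request))


# Constructed sample request, not a real capture.
SAMPLE = (
    "GET /api/items HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: Something\r\n"
    "Cookie: session=abc; theme=dark\r\n"
    "X-Note: it's quoted\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(headers_as_cmdline(SAMPLE))
```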
@n0kovo This is amazing - thank you!
@Lesault Yup I've been seeing the same (it's been struggling on and off for a few hours now)...real pain as I'm trying to catch up on an interesting thread that I can't get to the second half of!