Grant Willcox

Metasploit maintainer, Ruby programmer and exploit developer.
GitHub (Work): https://github.com/gwillcox-r7
GitHub (Personal): https://github.com/tekwizz123
Blog (Old): https://tekwizz123.github.io
Blog: https://tekwizz123.hashnode.dev/

I do NOT recommend Keeper for password management. Their posture towards security researchers has been anathema to accepted industry standards of vulnerability disclosure, to the point of litigation threats to journalists & security experts reporting on their products' bugs.

https://infosec.exchange/@KeeperSecurity/109592686000529593

Keeper Security (@KeeperSecurity@infosec.exchange)

@epixoip @sc00bz Don't forget about #KeeperSecurity, the only FedRAMP Authorized password manager with the longest-standing SOC 2 and ISO 27001 certifications in the industry. We stand by our extremely strict security standards. Here's a side-by-side comparison of how we stack up against LastPass: https://www.keepersecurity.com/blog/2022/07/18/keeper-vs-lastpass-whats-the-difference/. Our blog also features comparisons against other password managers on the market.

Infosec Exchange

The idea is to add more samples until the whole set of current (in development) heuristics are hit or, if some aren't producing any result whatsoever, I would either drop them or put them in the 'unreliable' category, which is disabled by default.

PS: In #Diaphora 3.0 the 'experimental' heuristics are not considered experimental anymore and 'Slow heuristics' are enabled by default for 'small' databases too.

Anyone got any good recommendations for getting started with improving #yardoc documentation within an existing project?

Been trying to see what people recommend online but most of what I have found has been more tutorials on YARD itself than how to actually develop a system for monitoring and increasing the level of documentation within a product using a systematic approach.

#ruby #yardoc #documentation #softwaredevelopment

I don't know who needs to hear this but it doesn't need to be perfect.

Anyone (perhaps @jerry) know why a profile like mine on Mastodon from an account that was deleted and then recreated might be listed as having 0 followers and 0 people that I am following, yet it still works like a normal account?

I'm perplexed at how months later these numbers haven't updated on my profile yet people seem to still be getting my messages so I'm thinking there is a disconnect somewhere that isn't affecting messages going out.

Optimizing Ruby’s Memory Layout: Variable Width Allocation

Shopify is improving CRuby’s performance in Ruby 3.2 by optimizing the memory layout in the garbage collector through the Variable Width Allocation project.

Shopify

A tech company source used to make me turn off my phone before meetings because of concern that his employer would check to see if our phones were near each other. This was not a crazy concern, it turns out! TikTok tried something like this to hunt down leakers: https://www.nytimes.com/2022/12/22/technology/byte-dance-tik-tok-internal-investigation.html

ByteDance Inquiry Finds Employees Obtained User Data of 2 Journalists

The company’s internal investigation showed that workers also obtained data on a small number of other U.S. users.

The New York Times

I know $12 USD is a lot of money for some people, so to celebrate 1000 sales, I'm giving away 1000 copies of The Pocket Guide to Debugging (honour system: please only use the free link if you can't afford $12!)

Here’s the link, use code BUYONEGIVEONE at checkout to get a free copy https://store.wizardzines.com/products/the-pocket-guide-to-debugging-pdf

(I can't disable the billing address prompt but you can just enter a fake address like 123 Fake st, new york NY 12345, (123) 123 4567 :))

The Pocket Guide to Debugging (PDF)

GreyNoise has released a "Year of Mass Exploits" retrospective report for 2022 highlighting four of the most significant vulnerabilities of the year.

The list includes the Log4Shell (CVE-2021-44228) vulnerability, targeted in nearly one million exploitation attempts within the first week after its discovery.

https://www.greynoise.io/blog/2022-a-look-back-on-a-year-of-mass-exploitation

2022: A Look Back On A Year Of Mass Exploitation

Researchers at GreyNoise Intelligence have added over 230 tags since January 1, 2022, which include detections for over 160 CVEs. In today’s release of the GreyNoise Intelligence 2022 "Year of Mass Exploits" retrospective report, we showcase four of 2022's most pernicious and pwnable vulnerabilities.

It’s here!! My new zine “The Pocket Guide to Debugging” is out now!! It has 47 pages of my favourite strategies for solving your sneakiest bugs. 🔎 🐛

Get it here for $12: https://wizardzines.com/zines/debugging-guide/

wizard zines
