Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @alexchantavy
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @alexchantavy
-
Is it important to you for an open-source project to include a container in its Github? If so, why? Do they help reduce friction in deploying it at work, or is it more about being able to play with a demo?
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Saw this on HN and I think it expresses what we're trying to do with our error handling approach (or lack thereof
) in Cartography: https://stratus3d.com/blog/2020/01/20/applying-the-let-it-crash-philosophy-outside-erlang/ …
Let it crash:
- Code for the happy path
- Don't catch exceptions you can't handle properly
- Software should fail noisilyHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
There's lots of tech we could use to do this (a hacky Makefile? Apache Airflow?), and we'd also need to research and test if Neo4j's IO can handle what we throw at it. Anyway, just sharing some thoughts on what we're thinking about on Cartography's roadmap.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Our sync could look like a directed-acyclic graph of dependencies. E.g. we need to load S3 buckets before we load S3 ACLs, but neither are needed to load GCP instances, so an AWS sync could run in parallel with a GCP sync to make things more speedy and reliable.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
One of Cartography's challenges is managing data dependencies. We sync data from many sources, and this happens in a serialized way: e.g. an AWS API can fail and crash the whole sync so we won't get GCP data. This is not ideal, and we need to pick a better long term approach.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Does the AWS resourcegroupstagging API return data for all assets and all tags (even if they aren't in a resource group)? Context: https://github.com/lyft/cartography/pull/174#issuecomment-573903312 … - I'd like to ingest all tagged AWS assets in Cartography with one boto3 API call.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Alex Chantavy proslijedio/la je Tweet
Lots of inspiration from studying the projects released by
@0xdabbad00@arkadiyt@alexchantavy and@awscloud to determine what exposures can exist in#AWS.#infosec#cloudsecurity https://know.bishopfox.com/events/rob-ragan-and-oscar-salazar-at-acod-2020 …pic.twitter.com/9dEUy3zrOZ
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Alex Chantavy proslijedio/la je Tweet
Just blogged: "Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography" - How to leverage Cartography to detect, identify, categorize, and visualize all the assets being deployed in your estatehttps://www.marcolancini.it/2020/blog-mapping-moving-clouds-with-cartography …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Just merged in my guide on how to write your own Cartography intel modules - https://github.com/lyft/cartography/blob/master/docs/writing-intel-modules.md … - look forward to seeing your contributions
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Video recording of me showing off Cartography is up! Thanks again to
#shiftappsec --https://vimeo.com/showcase/6576390/video/373181714 …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
I'm pretty proud of this. Also added an analysis job to tag instances as open to the internet via firewall rules: https://github.com/lyft/cartography/pull/90 …https://twitter.com/sachafaust/status/1138618792756502528 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
> What if an Ethereum owner stored their digital money with a private key [...] that had a value of 1? RIP lmaohttps://twitter.com/hudsoncress/status/1120679586084413441 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Alex Chantavy proslijedio/la je Tweet
Going from Red Team to Blue Team must be terrible. “I found a virtual appliance with the default password! I rule!” “I found a virtual appliance with the default password! Now I have to fix it myself! But there’s no audit logs to show what services are hooking into the API!”
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Alex Chantavy proslijedio/la je Tweet
Blog Post: Arbitrary, Unsigned Code Execution Vector in Microsoft.Workflow.Compiler.exe https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb … Bypasses all forms of whitelisting, circumvents Win 10S, and is unlikely to ever be used in your environment, hence, it should be trivial to detect.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Alex Chantavy proslijedio/la je Tweet
Ever wonder what process is using your microphone? I just wrote short entry on how to do this with WNF from a kernel-mode driver. https://gracefulbits.com/2018/08/13/find-which-process-is-using-the-microphone-from-a-kernel-mode-driver/ …. cc
@real_redp@aionescu@pwissenlitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Alex Chantavy proslijedio/la je Tweet
Y’all knew it was just a matter of time : ) PowerShell is definitely a "gateway drug" to C# - GhostPack is a collection of new security tools (currently C#) details at https://posts.specterops.io/ghostpack-d835018c5fc4 … , code live athttps://github.com/GhostPack
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Alex Chantavy proslijedio/la je Tweet
Bad news for CyberSecurity AI-based products.https://twitter.com/CrimeADay/status/1018653556327550981 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Alex Chantavy proslijedio/la je Tweet
r_fast_r_furious is an npm module which quickly validates whether a movie is part of the Fast & Furious sagahttps://github.com/alunny/r_fast_r_furious/blob/master/fast.js#L11 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
