Daniel Cater

@djcater

3C62756766696E6465722F3E. Penetration tester. Security researcher. Prioritises private collaboration over public Twitter shaming for vulns in your organisation.

London, UK
Joined February 2009

Tweets


  1. Pinned Tweet
    9 Jul 2019

    Don't avoid making objective improvements in security just because you're not moving to the latest and greatest trend. Big changes take time to get right. Improving things one step at a time is a worthwhile exercise. Ignore those shouting from the sidelines with no insight.

  2. 18 Jan

    A Haiku for the CTF: The weekend is here Time to try the CTF Alas, 502

  3. 16 Nov 2019

    When a one-character typo means instead of you advertising 4 IPv6 addresses via BGP you advertise 83 billion trillion trillion addresses. Oops.

  4. 16 Oct 2019

    I think when people say "well if they run malware then it's Game Over anyway", then they're not being very ambitious. We should be aiming for better defence in depth. Should we just tell all the people working on exploit mitigation to give up? No - work on minimising the impact.

  5. 25 Sep 2019

    Remember when HTTPS was to *prevent* a MitM injecting JavaScript into your site? It's a cool feature, but it just emphasises the power a CDN has over your site and your visitors. Balance this against your own threats and risks.

  6. 11 Sep 2019

    Great talk at the community evening from on finding high-impact vulnerabilities in CI/CD infrastructure.

  7. 10 Sep 2019

    It looks like Apple are now pretending that CVE-2019-8605 was never fixed in 12.3, but only just fixed in 12.4.1, but the Wayback archive shows otherwise:

  8. 2 Aug 2019

    Wow, the forums are toxic.

  9. Retweeted
    2 Aug 2019

    Delighted to be presenting a workshop on Windows Breakout and Privilege Escalation next week. We'll be exploring classic Windows break-outs, privilege escalation vectors, remoting protocols and extraction of secrets!

  10. 13 Jul 2019

    An excellent post-mortem but also a great reminder of that quote: 'Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems.'

  11. 4 Jul 2019

    This week I got called a snitch for forwarding a vulnerability report which was dropped on Twitter to the vendor, who then fixed it. That was weird.

  12. 2 Jul 2019

    A reminder that maybe having a single gatekeeper to the web is not the best idea. Extra reminder 1: don't have your SOA in the same basket as your CDN: makes it difficult to switch to a backup CDN provider! Extra reminder 2: have upstream DNS resolvers with more than company...

  13. 2 Jun 2019

    Good luck to the Site Reliability Engineers at Google right now. G Suite down, Google Cloud Compute Engine down...

  14. 2 Jun 2019

    To save you going down a rabbit hole of debugging: Burp adds "Connection: close" to requests by default, meaning the TCP connection is torn down after each request. This can break some workflows on embedded devices or in certain authentication schemes.

  15. 25 May 2019

    I received a phishing SMS that linked to a fake Halifax bank login page. I reported it to Google's Safe Browsing service as usual and it was blocked in Firefox and Chrome shortly after. This time I also decided to report it to the hosting provider, and to my surprise, it worked!

  16. 25 May 2019

    Cloudflare with a few teething issues on their new Speed dashboard.

    "Visitors to your website see content in NaN seconds on Cloudflare"

  17. 22 May 2019

    Same comment for based on today's post. I know it won't change much and for the most part I agree, but I just wanted to make a small anecdotal counterpoint, that I do sometimes find them useful.

  18. 21 May 2019

    I'd like to think that there are no public RCE exploits for CVE-2019-0708 because everyone is being reserved and responsible given the severity of it and that it was only patched 7 days ago.

  19. 20 May 2019

    TCSM: Thread... Core... Scheduling... Mechanism? Separation Mechanism? My guess is that you mark a thread as running untrusted code, meaning that you don't want it scheduled via hyperthreading on the same CPU core at the same time as trusted code. Better perf than disabling HT.

  20. 14 May 2019

    Also, I hope are using in-app notifications to warn people if they are running an unpatched version.
