Tweets
Jared Perry Retweeted
Just received my first non dup, non info-only bug bounty pay out. This one feels great due to the impact and greater good. Will disclose if I can, also will be sharing the bounty via swag, drinks, and treats for my team. :)
Jared Perry Retweeted
Beyond stoked to announce that we (@digita_security) have been acquired by @JAMFSoftware https://www.jamf.com/resources/press-releases/jamf-acquires-digita-security-creators-of-enterprise-endpoint-protection-built-exclusively-for-mac/ This opportunity to take our Mac-focused enterprise security efforts to the next level, is a dream come true
Jared Perry Retweeted
Oh look, surprise surprise Verge had a completely different (better) take https://www.theverge.com/2019/7/31/20748886/capital-one-breach-hack-thompson-security-data
Jared Perry Retweeted
Wondering how the capital one breach could have been prevented? Check out our very own @jared_perry's post on early lessons https://blog.stratumsecurity.com/2019/07/31/early-lessons-from-the-capital-one-breach/ #CapitalOneBreach #aws
Jared Perry Retweeted
SSRF is the new RCE in the world of magic IP addresses.
Jared Perry Retweeted
Sorry, Senator, but that wasn't "Cybersecurity 101." It was a non-trivial attack that required significant expertise in systems engineering and information security. 1/ https://twitter.com/RonWyden/status/1156237806022397953
As a mitigation you can use IAM conditions by NAT gateway IP or block/proxy access to the metadata endpoint but not super scalable or enforceable. Does anyone have a more scalable solution?
If you have a misconfigured proxy, functionality that can be abused for SSRF or poor container setup, an attacker can get at the metadata. If a role is assigned, they can grab the temp credentials and use them outside the VPC. In this case there were excessive privileges to S3.
In light of the Capital One breach, it sounds like credentials were obtained from EC2 metadata for the WAF role. Something I don't think is really appreciated is that you can get temp credentials for a role from the metadata on an instance and use them outside VPC.
Jared Perry Retweeted
I thought that the BlueJeans daemon on tcp:18170 went away in a recent update. It used to be passing a url with user input from the bjn:// handler into a nodejs child_process.spawn sink that gets passed to the macOS open command. pic.twitter.com/7Z6FuMNGqE
Jared Perry Retweeted
Everyone is sharing the Zoom vuln, but the crucial bit is this :
$> lsof -i :19421
$> kill -9 <pid>
$> rm -rf ~/.zoomus
$> touch ~/.zoomus
Read the article, be horrified at @zoom_us's response. Use the exploit link to prove you've patched your system. https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
Jared Perry Retweeted
I'm excited to announce, that I just released the first version of the #serverless #benchmark v2. You will find continuous metrics benchmarked for the #FaaS products of @aws @GCPcloud @IBMcloud @Azure and @Cloudflare on https://serverless-benchmark.com Tell me what you think! pic.twitter.com/IeqbpDaVND
Jared Perry Retweeted
This hits home today. AKS, EKS, and GKE are far from created equal. Maturity levels (especially in security features) differ wildly. https://twitter.com/manicode/status/1100422495998341120
Jared Perry Retweeted
SSO without proper security (strong password plus strong MFA) is a hacker’s dream. Everyone in one spot. But SSO properly managed and secured is awesome for security. It sure beats trying to wrangle multiple login points that get orphaned and lost (looking at you, OWA!).
Jared Perry Retweeted
Don't come to me with your "#infosec talent shortage" when what you really mean is "I'm not willing to train people up". There is a legit shortage of experts to fill available positions. The solution isn't to fight over the same candidates. It's to make more experts.
Jared Perry Retweeted
Patch your Domain Controllers running DNS (typical config, so most orgs) ASAP. DNS remote code execution vulnerability which runs as LocalSystem on Windows DNS server (usually a DC). https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8626 pic.twitter.com/PGKJpufplT
Jared Perry Retweeted
Tired of setting up your own DNS server for pentests? Check out our latest blog post by @jared_perry for doing just that using @Amazon_Route_53 #awssummit #aws #amazon https://blog.stratumsecurity.com/2018/10/17/route-53-as-a-pentest-infrastructure/
Tired of setting up your own DNS server for pentests? I wrote a simple blog post for using AWS Route 53 instead. https://blog.stratumsecurity.com/2018/10/17/route-53-as-a-pentest-infrastructure/
Jared Perry Retweeted
As of today, we’re auto-scanning public repos for exposed tokens and keys. If we find them, we’ll alert the providers to prevent security breaches before they even happen https://blog.github.com/2018-10-16-future-of-software/ pic.twitter.com/Bc56FOrAmN
Jared Perry Retweeted
Congratulations @GitHub on launching Actions! https://github.com/features/actions If you didn’t notice, Actions are configured with HCL (HashiCorp Config Language). pic.twitter.com/fGWytEZz5Q