Sr. Security Analyst | Sec+ | CySa+ | CASP+ | CSAP | PowerShell and Python 4 Eva | lover of milkshakes | Awkwardly Social character

Joined September 2019
I agree that "Linux Subsystem for Windows" makes more sense than "Windows Subsystem for Linux". But maybe that's why Azure peeps put a very Windows-like vuln on their Linux MIs. ;P
iOS Calendar Invites; MSHTML Exploit Docs; Mirai Hunting OMIGOD; Netgear Exploits i5c.us/p7678
Marshall Banana retweeted
Cybersecurity talent is needed most at organizations who can't afford it. To focus on this sector as an entire job is an incredible niche. We can't rely on this at scale. Generalists and normal IT people need to be able to succeed.
Your Spider-Man villain name is 1) the color of your shirt Followed by 2) the most exotic animal you have ever touched. Make way for… The Sky Blue Marshall I’m exotic AF *touches self* - hey all you cool cats and kittens!
Your Spider-Man villain name is 1) the color of your shirt Followed by 2) the most exotic animal you have ever touched. Make way for… The Hot Pink Coconut Crab 🦀
As an American in America with family overseas who get universal healthcare, YOU ABSOLUTELY DO NOT WANT TO DO THIS. Our healthcare system is f*cked. I promise. Our way is not the way. We suck at this.
As a Brit stuck in the USA I can tell you YOU ABSOLUTELY DO NOT WANT THIS. NEVER. EVER.
I have found that while venting & calling a bad day “a bad day” feels fine for a time, if I write off a WHOLE day as bad, I make worse decisions later in the day & it doesn’t improve. So I suggest not writing the whole day off too soon. Keep yourself open to have a better day.
Marshall Banana retweeted
#OpenSource folx, a poll for you! Do you believe that maintainers have the right to take their projects down, as in remove the original source repository?
47% Yes
2% Hand off only
46% Archive; let forks happen
5% No
2,214 votes • Final results
Marshall Banana retweeted
If your argument for returning to office is to continue exclusionary hiring practices… you got some bigger issues.
I used to think the same when writing AI code for robots when I was 22. When I was around 35 I realized that a person's technical skills can only take you so far and most executives made their careers by good bar conversations and outings...
Marshall Banana retweeted
The service I like to refer to as "so I've got my pseudocode, now how the hell do you turn it into real code" grep.app/
Ok - hear me out. When a child says they want candy for dinner maybe you let them try it once to see how sick they get. When they keep asking, you tell them no because it’s in their best interest. Govt is about the greatest good for the most ppl. Not about appeasing children.
"Republican legislators in more than half of U.S. states, spurred on by voters angry about lockdowns and mask mandates, are taking away the powers that state and local officials use to protect the public against infectious diseases." apnews.com/article/health-pa…
Marshall Banana retweeted
Over 60 million wearable, fitness tracking records exposed via unsecured database zd.net/3975PFS #Privacy
Which free application security (training) resources do you recommend and why? #infosec
Marshall Banana retweeted
Replying to @TimMedin @NoleSec
The fear of the expert "asshole audience" scared me away from speaking for years. Many, many years. @strandjs finally helped me realize this and share.
Marshall Banana retweeted
Is there a tool to “prettify” shodan CLI results like nmap bootstrap?
Junior dev makes a mistake: “im so fired, my career is over” Senior dev makes a mistake: “lol, hey guys look at this dumb shit I did”
Marshall Banana retweeted
This thread is bananas (as is the vulnerability it describes).
Microsoft Azure silently install management agents on your Linux VMs, which now have RCE and LPE vulns. Microsoft don’t have an auto update mechanism, so now you need to manually upgrade the agents you didn’t know existed as you didn’t install them. wiz.io/blog/secret-agent-exp…
I’ll even go so far as to say regular end users. The teens and 20’s watching the tiktok about security content. If some rando sees how a WiFi pineapple works and learns of easy mitigations maybe that helps more than us protecting end user emails only while at work.
What he said. Also, bad actors will not be deterred by a lack of security content on TikTok. But you know who else benefits from understanding how threat actors compromise networks? The people defending your sensitive data, that's who.
Marshall Banana retweeted
If you use @travisci, read and heed. This is an abysmal failure in handling an extremely serious vulnerability. This is a canary in the coal mine for how security is handled there and unfortunately it looks like the place is littered with cages of decomposing bird carcasses...
Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens. Anyone could exfiltrate these and gain lateral movement into 1000s of orgs. #security 1/4 travis-ci.community/t/securi…
Marshall Banana retweeted
Anonymous has just announced a massive hack of Epik, long known as the hosting provider of choice for neonazis, right-wing extremists, and other Internet trash. Anonymous are releasing a decade's worth of detailed Epik customer & domain data, passwords, emails, and private keys.