I use speculative bullshit indicators to auto-block people who might be a vacuum on my Twitter experience. Blackhat EU, dnssecuritytxt, they/them

London
Joined September 2020
If you haven’t read Lord of the Flies it’s basically #infosec leaders using hearsay as woke currency while creatively retrofitting narratives to suit either character assassination, self promotion and or straw man arguments. 2021 LETS GOOOO
John Carroll retweeted
🎉 Semgrep’s taint mode is in beta! Now you can use the power of Semgrep’s pattern matching to find injection vulnerabilities. Juicy details in the taint blog post: r2c.dev/blog/2021/taint-mode… 🍿 And a taint teaser: youtube.com/watch?v=LspdWH51…
John Carroll retweeted
Replying to @jpearcejourno
I think it handles it well. Apart from the actual narrative changes, Lynch’s version falls down because you can’t fit a book of that scope into one single 3 hour film without losing so much.
John Carroll retweeted
hang on a minute ... 🧐
Hah, I don’t think I’ve ever seen ‘America flaunts’ or ‘$Allies Flaunt…’ I’m sure we will learn from them as they have from us
The hacking prowess on display at last week's Tianfu Cup suggests China is on course to surpass the West in offensive cyber power warontherocks.com/2021/10/ch…
The value of sharing this ‘capability’ isn’t half as useful as not sharing it imo
MS told me I would not receive ANY bug bounty unless I agreed not to impose ANY deadline, ever. I did not agree. MS fixed all my bugs in time. I never released any 0-day. I got an MSRC sweater and a Top 100 Security Researchers mention as a thank you. #BugBountyLife🤑🤑
John Carroll retweeted
Meanwhile at REvil's hideaway.
John Carroll retweeted
Microsoft is releasing a new registry key for DHCP WPAD: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "DisableProxyAuthenticationSchemes"-> 0x00000004 = DISABLE NTLM Only implemented on Windows 2022 & 11 right now.
๐ŸคŒ๐Ÿป๐Ÿ™Œ
This is why it makes sense to have reasonable disclosure deadlines: it guarantees vendors either pay attention or pay for not paying attention. Disclosure informs the public of the security risks a vendor exposes its customers to and incentivizes the vendor to do better.
🤤🤌🏻
John Carroll retweeted
I wanted to find a MS Office DLL that exported a specific symbol. So I wrote a script that recursively scans PE imports/exports and prints them nicely: bit.ly/3nnGb6z Example pic shows Exports in Office DLLs whose names indicate they might exec something. Enjoy :)
John Carroll retweeted
Replying to @lucky225 @da_667
While we didn’t “work” for John Deere, definitely know what it’s like to not get paid by a vendor, along with the other 195 reportees that are in their Charity Program @wabafet1 @D0rkerDevil @johnjhacking @rej_ex @0x686967 chuloconculo 22 days since their last resolution 😬
John Carroll retweeted
Are you excited about creating beautiful policies, #ISO27001 or spreading security awareness? Join the security team and help us keep beacon.com safe! I am looking for a Senior Security Analyst (GRC) in the UK! beacon.com/jobs/senior-infor… #infosec
CURRENT ACTIVITY: On October 24, 2021, Network Time Protocol servers using bugged GPSD versions 3.20-3.22 may rollback the date 1,024 weeks—to March 2002—which may cause systems and services to become unavailable or unresponsive. Learn more: bit.ly/30IR0s1