Piero Bosio Social Personal Web Site

Federated social forum connected with the rest of the world. Instances don't count, people do.

da_667

@da_667@infosec.exchange
Posts: 49 | Topics: 14 | Shares: 0 | Groups: 0 | Followers: 0 | Following: 0


Posts


  • This post did not contain any content.
    da_667@infosec.exchange
    Uncategorized

  • "AI is giving attackers a huge advantage!"
    da_667@infosec.exchange

    @Viss @iagox86 @cR0w @darthnull sometimes, it can be pretty helpful. If for no other reason, the references sometimes point to an actual write-up instead of nuclei's meta-request template bullshit.

    Uncategorized

  • "AI is giving attackers a huge advantage!"
    da_667@infosec.exchange

    @iagox86 @cR0w @darthnull what's incredibly fun is looking at nuclei-templates repo, thinking you've found something that can serve as a proof of concept for some thing you really needed, and it's a GET request that they parse with regex for version strings.

    Thanks for that, I guess.

    Uncategorized

  • "AI is giving attackers a huge advantage!"
    da_667@infosec.exchange

    @iagox86 @cR0w @darthnull If I had a dollar for every time I was looking up PoC/exploits for a given CVE, and it's some slop report from a website that just seems to scrape cve.org and regurgitate it along with very generic remediation recommendations, I probably wouldn't be rich, but like, I could have a fairly nice lunch.

    Uncategorized

  • "AI is giving attackers a huge advantage!"
    da_667@infosec.exchange

    @FuturisticRobert @cR0w @krypt3ia @Viss no shit. My hourly rate starts at 400 an hour, minimum of 4 hours.

    Uncategorized

  • No time to explain.
    da_667@infosec.exchange

    @catsalad Clavicus Vile, at it again.

    Uncategorized

  • It's been extremely hard to keep this one under wraps.
    da_667@infosec.exchange

    @Dio9sys sorry to keep badgering you, and if you're under NDA or just don't want to right now, that's fine, but can you tell me if it was an actual cookie header value?

    Uncategorized

  • It's been extremely hard to keep this one under wraps.
    da_667@infosec.exchange

    @Dio9sys Quick question- the initial payload string -- were you all seeing that in GET requests? POST requests? Attached to particular exploit attempts? Would love to sig it. I'll have Suricata rules for the C2 tomorrow (We just finished up QA release for today, unfortunately)

    Uncategorized

  • It's been extremely hard to keep this one under wraps.
    da_667@infosec.exchange

    @Dio9sys Oh I live for unraveling stuff like this. I love your write-up. Extremely well-done, and thank you for sharing with us.

    Uncategorized

  • It's been extremely hard to keep this one under wraps.
    da_667@infosec.exchange

    @Dio9sys every damn time I see something interesting, it's either Mirai or a crypto miner, lmao.

    Uncategorized

  • It's been extremely hard to keep this one under wraps.
    da_667@infosec.exchange

    @Dio9sys good to know I'm among the like-minded. Second I saw this I was like... "That's URL-encoded base64 with the double equal at the start, so... in reverse." Good times.

    Uncategorized

  • Tag your favorite application that has added an LLM agent nobody wants, babes
    da_667@infosec.exchange

    @hacks4pancakes #firefox

    Uncategorized

  • This post did not contain any content.
    da_667@infosec.exchange
    Uncategorized

  • Theory: Security mindset is a curse added to another job
    da_667@infosec.exchange

    @silverwizard oh yeah, definitely. I can't look at most computer things I touch without wondering how easy it would be to compromise the shit out of it.

    Uncategorized

  • I made a 1200 page book.
    da_667@infosec.exchange

    and I say that without a hint of arrogance, I promise. I am my own worst critic, and I agonized over every detail.

    Uncategorized

  • I made a 1200 page book.
    da_667@infosec.exchange

    I did this shit with draw.io. Free software. I produce diagrams that are better than those of a multi-billion dollar company.

    Uncategorized

  • I made a 1200 page book.
    da_667@infosec.exchange

    Entire pages of this. Along with paragraphs of text to describe it in multiple ways -- for visual learners, as well as learners who just like to read to find their answers.

    Uncategorized

  • I made a 1200 page book.
    da_667@infosec.exchange

    RE: https://hachyderm.io/@thomasfuchs/116083589029041168

    I made a 1200 page book. Half of the pages were MASSIVE charts and diagrams meant to guide them along and make sure they didn't get lost.

    That one of the world's most valuable companies can produce slop and get away with it is an insult.

    Uncategorized

  • Today in InfoSec Job Security News:
    da_667@infosec.exchange

    @GossiTheDog ladies and gentlemen, it's this stupid shit (tm) that we are paying up the ass for new SSDs and RAM for.

    Uncategorized

  • Today in InfoSec Job Security News:
    da_667@infosec.exchange

    @GossiTheDog what's funny to me, is that there were influencers on LinkedIn a few days ago claiming claudecode could find vulnerabilities in code faster than humans, and they're like "look at all these openssl vulns it found!" now I'm like. "well no shit it's finding vulnerabilities, when it's the one introducing them."

    Uncategorized