
Posts by MorattiSec

Lemon

4 months ago 1 0 1 0

How much of that is because the different services get a choice in how to log things or name their IAM actions 😂

1 year ago 4 0 1 0

A lot of automated systems will block you committing passwords in your code, so you’re gonna want to base64 encode them to get around that.

You’re a developer; you’ve got to move quickly. We don’t call it a sprint so you can sit around waiting for approvals.

1 year ago 145 14 10 2
Declassified CIA Guide to Sabotaging Fascism Is Suddenly Viral

The World War II-era "Simple Sabotage Field Manual" is full of steps that office workers can take to resist leadership.

Suddenly, out of nowhere, a declassified World War II-era CIA guide to sabotaging fascism in the workplace has become one of the most popular free ebooks on the internet:

www.404media.co/declassified...

1 year ago 67008 27447 1215 1876

Congrats!!!!

1 year ago 1 0 0 0

This also coincides with federal prisons no longer providing gender affirming medications and forced conversion therapy while incarcerated.

I have a feeling the people in this situation wouldn’t end up in a state prison.

1 year ago 4 0 0 0

The amount of “networking professionals” who “corrected” me about how DHCP works was incredible.

It’s always the people who form a weird opinion from a narrow experience and refuse to revisit a topic.

1 year ago 2 0 0 0

I’m tired of the number of notifications I get in a day

1 year ago 0 0 0 0

Strong endorse. I’ve never found it credible that the VPN provider was magically more trustworthy than the ISP.

1 year ago 77 6 2 0
Post image

www.cisa.gov/sites/defaul...

(This is in the context of highly targeted individuals)

This is such a succinct way to put it. Glad to see CISA’s guidance actually calls this out.

1 year ago 0 0 0 0

Everyone starts off thinking they want writing advice but slowly finds out what they're really looking for is writing _confidence_ to get in the chair and do the work.

1 year ago 1281 134 56 16
In that article, I wrote about my best friend who died of cystic fibrosis when I—and she—was 25. In an article I wrote for VICE, I explained that I blame America’s health insurance system for her death. She lived the vast majority of her life before Obamacare existed and was at times dropped from insurance in between jobs for her preexisting condition. She regularly had to skip medicine or treatments she needed to live because she could not afford them or because her insurance would not cover them or because she did not have insurance. Getting those medicines was like the world’s most time consuming and frustrating monthly puzzle. I remember for a while she was getting medication from an online pharmacy that had games and surveys you could play to get small discounts on prescriptions. She did those games every month to save a few dollars not because she wanted to save a few dollars but because she had to do them to literally afford her medicine. She looked into getting medication that was cheaper in Canada but could not navigate the system. She died 11 years ago. Millions of people died under a similar health insurance regime before her and millions of people have died under the same system after her. Her death fucked up my world and I have never been the same.


Here @jasonkoebler.bsky.social writes his friend was filling out surveys/games to get a few dollars off essential medication. People are outpouring their "horrendous, inhumane, heartbreaking experiences with a profit-driven, private American healthcare system" www.404media.co/behind-the-b...

1 year ago 189 54 1 7

I just stumbled on my research paper from college.

My English class was themed for Lord of The Rings so I did a cultural analysis of what each race found beautiful and whether or not Tolkien’s declaration that orcs could not perceive beauty was true. 😅

1 year ago 0 0 0 0
Post image

I’m not even sure what this one meant 😂

1 year ago 2 0 0 0

Anyone ever use TXT dns records to keep track of which internal department manages a domain? It was a passing thought I had but it seems like it might actually work well with minimal info leakage.

1 year ago 0 0 0 0

It’s possible to trivially generate CRC collisions too. I know someone who has a PoC that runs sub 50ms.

1 year ago 0 0 0 0

A trust policy is technically a resource policy

1 year ago 0 0 0 0

One does not simply create an asset inventory when there’s multiple environments and sufficient organizational complexity.

1 year ago 1 0 0 0

I’ve been researching HA firewalls VMs. The whole protocol they have for switching is so interesting. How did you stress test the DNS servers?

1 year ago 1 0 1 0

Finally, a chance to use Chef.

1 year ago 0 0 1 0

Most authors are not cited frequently.

The mysterious author known as Et Al is a statistical outlier and should not be included.

1 year ago 0 0 0 0

Ah yes, using my backup pair of glasses for a year might not have been the correct choice. New ones on the way 👩‍🏫

1 year ago 0 0 0 0

Yeah security is hard but have you ever had to debug Reaper and a virtual audio cable? Some things are science and others are duct tape, hope, prayers and drivers.

1 year ago 0 0 0 0

That firm is getting either fired or a strongly worded lawsuit.

This is one of my biggest fears with junior pentesters (and some seniors). You can’t just treat your testing like it’s a lab. You _need_ to keep track of your interactions with a target and do cleanup.

1 year ago 3 0 0 0

You are the first and they want to set an example. You have the support of many not just those in Delaware.

1 year ago 7 0 0 0

Have your own? Drop them here :)

1 year ago 0 0 0 0

6. Assembly now included — can you get assembly instructions to run on serverless runtimes? What’s the implications for detection and response?

1 year ago 0 0 1 0

5. Storage C2 — can you write a proof of concept that uses buckets, blobs, multipart/resumable uploads? How could this be used when there’s things like data perimeters since it would use the backbone of the CSP infra?

1 year ago 0 0 1 0

4. Signed URLs — what happens when you sign a signed URL? Can you get it accepted? Who gets billed? What if you try to mix signed urls between CSPs?

1 year ago 0 0 1 0

3. Time-diff — obtain all CSP documentation versions you can and notate all deletions. What do they not want us to remember? 👀

1 year ago 0 0 1 0