Roses are red Violets are blue I'm running smbserver․py Thanks for your NTLMv2

I hope AppSec Bingo makes your next meeting more enjoyable :)

Reposting my reply bc I think it was misleading. zoomAutenticationTool will run whatever script you give it, and ask you to authenticate as System. It's like they wrote their own sudo tool.. Don't think you can weaponize but weird practice.

I think Eric S. Yuan response to @zoom_us security concerns is great so far. Let's not forget security is tough and evolves over time. blog.zoom.us/wordpress/2020…

Contrast Labs Weekly #2 talking about a few CVEs the team uncovered recently - youtu.be/ihxKMTww9O0 #zulip #sonatype #CVE #appsec #Security

Run every repo from a GitHub user through truffleHog to find leaked keys: curl api.github.com/users/<username>/repos?per_page=1000 | jq '.[].html_url' | xargs -I{} sh -c 'echo {} && truffleHog --entropy false {}' | tee output.txt

Ever wondered what it takes to build your own CTF? Adam Schaal Dan Amodio @SaraKathrynG chatted about this in Labs Weekly #5 - youtube.com/watch?v=HBDM11… #ctf #gamification #appsec #training #security

We are growing again. Looking for a Sr Pentester/Red Teamer to join the team! Challenging projects and a killer team. [email protected] or DM us.

Change screen to 1024x768.. RPi4 no longer connects to 2G WiFi.... 5G is fine... WHAT!?

Damn someone either has a jackpot Twitter vuln or played the long game with some creds.

🤔

"Social engineering attacks" are out of scope.

Forgot I pushed my AWS asset collection script a while ago. I know there are others.. no attempt to overshadow those. It can attempt to enumerate and assume role into all organization accounts to grab external facing stuff. github.com/Contrast-Labs/…

Calling all hackers! You can now find the bug of your dreams with Tinder's #bugbounty program, which has just gone public! Check out their program page for more details: hackerone.com/tinder?type=te… #happyhacking

Want to be part of a great security team and do security research full-time? We've got just the role! Tinder is looking for an experienced researcher to go deep and find new bugs. Learn more about it here! jobs.lever.co/matchgroup/8a7…

New blog post outlining a fun phishing technique to look out for! medium.com/@cachemoney/ex…

This was a really fun exploit in Burp that Dan Amodio and I found!