The #Offsec #OSCP song #TryHarder

https://yt.oelrichsgarcia.de/watch?v=t-bgRQfeW64

Alt. link.:

https://youtu.be/t-bgRQfeW64

#nemoradio

Remove my passwords from lists so hackers won't be able to hack me.

#offsec #hacking #humor

LDAP Queries for Offensive and Defensive Operations

#pentest #ldap #offsec

The intention of this post is to provide basic queries for targeted AD DS information gathering used in penetration testing.

https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations

OMFG, the whole #offsec #oscp stuff is such a shitshow. They recently revamped the course material and their "learning platform". This removed the possibility to start any challenge from a browser that is not in their VPN, meaning I need to run my Kali VM with graphics *just in order to have a browser open to click the "start challenge" button*. All in all it's completely ridiculous that everything is so Kali focused and just about running the right script. It's just a cert "how to become a script kiddie".

A complete sham and I cannot understand how this cert holds any real value. With the most recent update they even removed buffer overflow exploitation techniques, now it's really only scanning for known vulnerabilities and misconfigurations. That's no "attacker mindset". It's just boring keeping track of known vulns and exploiting them. There's *no worth* in that at all.

Of course, 90% of the market is not looking for "new vulns" but about looking for misconfigurations. But these aren't properly addressed by pentests anyway, but by actual proper security operations. This is a general misconception anyway: Some companies even think pentests make them more secure. Slightly less worse, they think that pentests evaluate the security of their product. Not completely wrong, but...

#AdversaryGuru live stream video recording is here for Kali Purple and offensive security SOC-200 - Dr. Malcolm Shore and Carsten Boeving (Re4son)

Watch the video on YouTube: https://www.youtube.com/watch?v=3UMxOsdexK8

Slides can be downloaded from here: https://adversaryvillage.org/live-streaming-series/Carsten-Boeving-Dr-Malcolm-Shore/

#AdversaryGuru #AdversaryVillage #PurpleTeam #AdversarySimulation #security #offensivesecurity #OffSec #AttackSimulation #KaliLinux

OffSec (tidigare Offensive Security) har släppt en ny Linux-distribution vid namn Kali Purple, läs mer här: https://kryptera.se/kali-purple-fran-offsec/

#offensivesecurity #linux #offsec #kali #cybersecurity #purpleteam #blueteaming #blueteam

Today at 2pm EST I will be speaking about mathematics and offensive security at the free-to-attend virtual @Antisy_Training Summit. There will be a bunch of other (better) talks as well, and there is still time to register! If that sounds interesting to you, check it out at https://www.antisyphontraining.com/2023-most-offensive-summit/offensive-summit-talk-schedule/

#mathematics #offsec #redteam

If a "private sector" #ICS #OT #infosec company can call their research/exploit team "Team82," I'm going to found an organization where our #offsec folks are in a team named #ROCstars or #TAOofPenetration

How many orgs do you think are ready to handle IPv6 detections?
Any fun tricks you've done that are IPv6 related in the attack or defense space?

#IPv6 #hacking #redteam #blueteam #purpleteam #magentateam #beigeteam #eggshellwhiteteam #offsec #cybersecurity #infosec

I am proud of myself because today I got my first root shell on a prod network! :blobfoxcomputerowonotice:

Some of you may remember back when I only dreamed of hacking for my day job. Many people supported me in various ways like by being welcoming and helpful, providing mentorship, and boosting my work/words. #InfosecTwitter (RIP) was a huge part of my journey.

#hacking #infosec #offsec

Beep! That was way too easy! #offsec #physec #redteam

Always interesting to see blue teamers write up #offsec tools I’ve written. I like how they spent time figuring our TCP packets out to write a snort rule.

#infosec #security #pentesting #blueteam #redteam

https://www.trendmicro.com/en_us/research/22/k/deimosc2-what-soc-analysts-and-incident-responders-need-to-know.html

Just a few weeks until @cactuscon 11! We can't wait; @dnsprincess is presenting, there will be plenty of 🦊 swag on hand, and you can chat with our team about #infosecjobs at Bishop Fox or our industry-leading #offsec solutions. https://bishopfox.com/events/cactuscon-11

Bypassing Intel CET with Counterfeit Objects:
https://www.offensive-security.com/offsec/bypassing-intel-cet-with-counterfeit-objects/

#infosec #offsec

Looking for a good encrypted cloud storage low cost or free and a good email provider that's not protonmail

#offsec #infosec #cybersecurity #hacking

We're looking for interns to work with in Zürich over the summer on a variety of topics: #offsec, platform hardening, sandboxing and of course ✨#DFIR ✨

The deadline for applications is pretty tight: Jan 20, so please submit soon!

https://careers.google.com/jobs/results/139765941031314118-security-engineer-intern-2023/

#internship #job #blueteam #infosec #redteam #google

Offensive Security has banned ChatGPT from the OSCP exam

What do you think,is it the right decision or not?

Image credit: @whitecyberduck

#infosec #chatgpt #openai #ArtificialIntelligence #oscp #offsec #pentesters

What #security skill sets do you plan to build up in 2023? We surveyed some of the consultants and the Cosmos operators of the Fox Den, and here’s what we found as the areas to shore up in this coming year:

- #Cloud security
- #AI and automation
- #Blockchain technology
- #Metaverse attack surface management
- Proper code development
- Mobile security

Read more about our #offsec New Year’s Resolutions here: https://bishopfox.com/blog/2023-security-resolutions

RT @binaryz0ne@twitter.com

Important note to those new to this account. The course below is completely FREE. I know someone (maybe more) has ripped the videos & probably now the labs & is selling them on @udemy@twitter.com. Please do not pay for this course, it is FREE! #ExploitDev #Offsec
https://exploitation.ashemery.com/

🐦🔗: https://twitter.com/binaryz0ne/status/1610770491429486600

I dreamt about this gear some years ago; not figuratively. Capabilities expanding hourly, these are some of the most powerful blue/red tools available. CIA level tech by @mg.

#offsec #recon #purpleteam #hak5