HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Faelian2

no profile record

Submissions

Twake – open-source Google Workspace alternative

twake.app
27 points·by Faelian2·anno scorso·19 comments

There's a Surprisingly Easy Way to Remove Microplastics from Drinking Water

sciencealert.com
2 points·by Faelian2·2 anni fa·0 comments

You don't need NordVPN (if you have SSH)

blog.lasne.pro
2 points·by Faelian2·2 anni fa·0 comments

comments

Faelian2
·6 mesi fa·discuss
I did wrote a small open-source tool in Rust. And I too did encounter that kind of issue when I did start to build a .deb.

Honestly, it was the kind of bug that is not fun to fix, because it's really about dependency, and not some fun code issue. There is no point in making our life harder with this to gatekeep proprietary software to run on our platform.
Faelian2
·9 mesi fa·discuss
Thanks for putting this site together. Despite all the comments here, I find your point pretty convincing.
Faelian2
·anno scorso·discuss
That's a really interesting project.

I have been generating documents for a while using https://github.com/enhuiz/eisvogel. It's nice to use markdown, but I feel really limited, and can't do much customization.

I would love to see some templates for this.
Faelian2
·2 anni fa·discuss
France is literally making billions by exporting in electricity. https://oec.world/en/profile/bilateral-product/electricity/r...

It's France 9th biggest export.
Faelian2
·2 anni fa·discuss
An explanation of the attack by the company doing the investigation: https://www.volexity.com/blog/2024/11/22/the-nearest-neighbo...
Faelian2
·2 anni fa·discuss
At what timestamp in the documentary do they talk about ?
Faelian2
·2 anni fa·discuss
I love how he is porting every local attack to web applications.

I am also a bit frightening that the number of attack you have to know for the Burp Certification keeps getting longer.
Faelian2
·2 anni fa·discuss
I don't use GDB a lot. But when I do, I generally use the pwndb extension. It's written for exploit development, but even for debugging a C program. It makes things a lot nicer.

https://pwndbg.re/
Faelian2
·2 anni fa·discuss
I am writing an hexadecimal editor in rust, with colors.

https://github.com/0xfalafel/hextazy

I am also playing a bit with Gtk4, Relm4, and creating Active Directory labs with vagrant. https://blog.lasne.pro/posts/ad_lab_part1/
Faelian2
·2 anni fa·discuss
Do you guys know if `!isset()` is a good alternative ? Or if it also has some shortcomings ?
Faelian2
·2 anni fa·discuss
As a pentester, I would argue that attackers don't think in graphs either.

Apart from Bloodhound, I can't think of any tools where we have graphs.

For web security, I can't think of something where "graph thinking" applies. But we have a pretty huge list of attacks to test https://portswigger.net/web-security/all-topics.

And ultimately, what is inside your pentest report ? Not a graph, a list of things to do:

- SMB signing.

- Don't use the domain admin to manage every machine.

- ...

The main reason this phrase is so popular, is that it panders to the hacker community: "We are the smart guys, all the defenders do is excel sheets."

IMHO, the nugget of truth in this is that defenders can spend considerable amounts of time on things that don't matter. Like doing CIS benchmark by hand on all servers. While missing the low-hanging fruits that would give them a strong security posture.

In a lot of companies, the defenders are just sysadmins that don't have any idea of what they should focus on.
Faelian2
·2 anni fa·discuss
SEEKING WORK: Pentest / AppSec / Training / Cybersecurity | Remote, France

Cybersecurity expert, with 8 years of experience, I have audited multiple complex systems. From Internet Gateway (Linux embedded), to innovative web apps and complex Active Directory environment of Healthcare providers.

Website: https://lasne.pro Github: https://github.com/Faelian Email: olivier [at] lasne.pro
Faelian2
·2 anni fa·discuss
I just read "Windows from Marcus Aurelius". Guess I need to spend some time AFK
Faelian2
·2 anni fa·discuss
Yeah, sorry guys. I did write too fast.

The last sentence should be :

So in that regard, Alpine is less secure by using musl. However, having a small and understandable system is a real advantage when it comes to security.
Faelian2
·2 anni fa·discuss
Just my two cents about the security aspect.

All Linux binaries are compiled with PIE nowadays. You can run `checksec` on any binaries on Ubuntu, and it will have those properties. (You can install checksec with `pip install pwntools`).

On the other hand, GLIBC has, to my knowledge, the most hardened heap implementation out there. And there are more mitigations for double-free and other heap exploits on GLIBC.

So in that regard, Alpine is less secure by using musl. Having a small, understandable system is a real advantage when it comes to security.
Faelian2
·2 anni fa·discuss
I am really curious about this.

As a pentester, I run use Linux on my laptop and I spend a lot of time working inside a Kali VM with VirtualBox.

How much performance improvement can we expect with the KVM backend ?