I had a really awesome boss who probably overshared about stuff like this but a lot of it also comes with general distrust in the business world. People are out to make a buck and they'll do it anyway they can. Every time you come across a business, consider how it works and where their profit comes from.
A tactic I've used in the past is buying a burner number (prepaid sim), called recruiters with a fake name, number and resume and asked them to provide details about the job which many of them name completely. The ones that don't generally indicate that other recruiters do exactly what I'm doing to them in order to steal clients.
I don't feel bad about screwing over an industry which has no place in the modern world, particularly when they're opportunistically trying to make a buck from me and/or my future company while adding very, very little value :)
Do you use an external monitor? That's the most important part of the setup, IMO.
I said two monitors but what I mean is one for each location - many people I know seem to prefer two but I think it's an antipattern (move your head, instead of alt+tab or similar)
Thanks for the tip, I learnt this a long time ago, I've also moved into an industry where dealing with recruiters would probably indicate other issues like lack of ability to research prospective employers, etc.
I'm glad it's becoming more common knowledge though. Recruiters have long been redundant compared to job search websites like seek.
Probably likely to do with the toolkit used to build the Windows version and inability or unwillingness to port it to Mac.
They really need to start from scratch and build solid, easily testable product because the current methodology doesn't work.
I especially love the bugs where when in one specific track changes mode typing in the comments section drops keys, or when using 'read aloud' the voice randomly changes gender. Office 365 on a Windows 10 LTSC virtualised host w/ no other software.
I would recommend against using Office 365 web ui for word/excel etc, I'd also recommend avoiding the MacOS Office build for the same reason:
They're both buggy as hell, the type of bugs that will make your document render in unintended ways when somebody opens it on the other side. At some point, Word for Mac decided to remove whitespace between words on my resume - I couldn't see them and generally exported to PDF, but I didn't hear back from prospective jobs that asked for a word format specifically.
Office 365 Web and desktop application really need a complete revamp, they have reproducible bugs and horrible UI/UX in edge cases.
I also really hate when Microsoft decides I want to store my sensitive data on their cloud for no apparent reason despite saving to local disk, it really seems like a 'whoops we accidentally did this but you should try it!' kind of move from MS. This is the perfect example of a monolithic application with chronic feature creep.
My personal JSON Pet hate is:
```
x = [
"Foo",
"Foo2",
]
```
Is not valid, but the following is:
```
x = [
"Foo",
"Foo2"
]
```
Makes dealing with packer configs feel like punching yourself in the face.
I still prefer it over YAMLs awkward initial learning curve.
Funny that you namedrop like three security products but fail to evaluate which hypervisor should be used, which is probably the most important part of a secure environment if unauthorized code execution fits in your threat model.
I don't fully understand why everyone gets upset over browser leaks when in private mode - most websites interested in tracking private sessions will just associate private and non-private sessions by IP address.
If you're paranoid enough to use a VPN for 'private' traffic, you should probably be running such sessions in a VM using something like the tails live CD.
Basically, researchers started naming vulnerabilities when they thought they mattered. 'Shellshock' and 'EternalBlue' are both deserving of names, IMO.
Then researchers started naming everything, many of the vulnerabilities had zero real world impact, were almost entirely theoretical (many crypto vulns), or required chaining of other attacks to actually achieve anything.
The KNoB description says 'is vulnerable to packet injection by an unauthenticated, adjacent attacker that could result in information disclosure and/or escalation of privileges.' which is sounds extremely caveated. They haven't demonstrated an actual attack so my guess is they've overplayed the significance of the vulnerability entirely and this grants the ability to PITM traffic (which really isn't a defensible boundary, anyway).
Seems silly to care so much about your tethered connection when the average home network has a bunch of computers, random IOT kit, a end-of-lifed smart TV, friends mobile devices and the random MAC addresses in your DHCP lease pool that you can't even account for.
Network security is unmaintaniable. Start caring about defensible boundaries instead.
zero-day malware probably makes malware writing sound difficult. Bypassing fingerprint-based scanners is reasonably easy with the use of 'packers' (which can be bought from hacker markets for pretty cheap, or built pretty easily). Bypassing heuristic based scanners is a little more research-intensive[1], but some 'packers' do this too.
Yeah but 'APTs' are generally shitty low end numbers-game attacks that target HR with terrible macro based malware to breach company perimeters.
Unless you're emulating nation state actors, your ideology of a 'red team' which focuses on physical access is a disservice to your client and your industry.
I'm not suggesting it's a good idea, but it's there. I'm sure there's more minimal, and less minimal options available.
I don't think there's any security impacts with using alpine Linux specifically, aside from default credentials in a bunch of containers a few months back.
I've heard some interesting arguments about publicly dropping 0days to make organisations pull their heads in - Places like Microsoft which historically weren't -great- at security 'deserved' it. I'm not saying that argument is right or wrong, but it was interesting nonetheless.
But dropping a 0day irresponsibly can lead to actual impact - what happens if a good person is persecuted, or executed because of the information you disclosed publicly? What about a hundred. Or a thousand?
"A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected. For example, a successful attack may require the attacker: to perform target-specific reconnaissance; to prepare the target environment to improve exploit reliability; or to inject herself into the logical network path between the target and the resource requested by the victim in order to read and/or modify network communications (e.g. a man in the middle attack)."
But you could also argue 'Attack complexity' of any exploit which has per-os/arch exploits requires reconnaissance. There, I just boxed MS08-67 (which is arch-specific, iirc) as 'Attack Complexity: High' with pretty much any theoretical crypto attack which would cost billions to exploit :)
Lets not forget CVSS doesn't assess likelihood or business impact well (or at all) either. Your org is far more likely to get rekt if you do not enforce application whitelisting, compared to an intranet-exposed drupalgeddon vulnerability.
A tactic I've used in the past is buying a burner number (prepaid sim), called recruiters with a fake name, number and resume and asked them to provide details about the job which many of them name completely. The ones that don't generally indicate that other recruiters do exactly what I'm doing to them in order to steal clients.
I don't feel bad about screwing over an industry which has no place in the modern world, particularly when they're opportunistically trying to make a buck from me and/or my future company while adding very, very little value :)