HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Faelian2

no profile record

Submissions

Twake – open-source Google Workspace alternative

twake.app
27 points·by Faelian2·w zeszłym roku·19 comments

There's a Surprisingly Easy Way to Remove Microplastics from Drinking Water

sciencealert.com
2 points·by Faelian2·2 lata temu·0 comments

You don't need NordVPN (if you have SSH)

blog.lasne.pro
2 points·by Faelian2·2 lata temu·0 comments

comments

Faelian2
·6 miesięcy temu·discuss
I did wrote a small open-source tool in Rust. And I too did encounter that kind of issue when I did start to build a .deb.

Honestly, it was the kind of bug that is not fun to fix, because it's really about dependency, and not some fun code issue. There is no point in making our life harder with this to gatekeep proprietary software to run on our platform.
Faelian2
·9 miesięcy temu·discuss
Thanks for putting this site together. Despite all the comments here, I find your point pretty convincing.
Faelian2
·w zeszłym roku·discuss
That's a really interesting project.

I have been generating documents for a while using https://github.com/enhuiz/eisvogel. It's nice to use markdown, but I feel really limited, and can't do much customization.

I would love to see some templates for this.
Faelian2
·2 lata temu·discuss
France is literally making billions by exporting in electricity. https://oec.world/en/profile/bilateral-product/electricity/r...

It's France 9th biggest export.
Faelian2
·2 lata temu·discuss
An explanation of the attack by the company doing the investigation: https://www.volexity.com/blog/2024/11/22/the-nearest-neighbo...
Faelian2
·2 lata temu·discuss
At what timestamp in the documentary do they talk about ?
Faelian2
·2 lata temu·discuss
I love how he is porting every local attack to web applications.

I am also a bit frightening that the number of attack you have to know for the Burp Certification keeps getting longer.
Faelian2
·2 lata temu·discuss
I don't use GDB a lot. But when I do, I generally use the pwndb extension. It's written for exploit development, but even for debugging a C program. It makes things a lot nicer.

https://pwndbg.re/
Faelian2
·2 lata temu·discuss
I am writing an hexadecimal editor in rust, with colors.

https://github.com/0xfalafel/hextazy

I am also playing a bit with Gtk4, Relm4, and creating Active Directory labs with vagrant. https://blog.lasne.pro/posts/ad_lab_part1/
Faelian2
·2 lata temu·discuss
Do you guys know if `!isset()` is a good alternative ? Or if it also has some shortcomings ?
Faelian2
·2 lata temu·discuss
As a pentester, I would argue that attackers don't think in graphs either.

Apart from Bloodhound, I can't think of any tools where we have graphs.

For web security, I can't think of something where "graph thinking" applies. But we have a pretty huge list of attacks to test https://portswigger.net/web-security/all-topics.

And ultimately, what is inside your pentest report ? Not a graph, a list of things to do:

- SMB signing.

- Don't use the domain admin to manage every machine.

- ...

The main reason this phrase is so popular, is that it panders to the hacker community: "We are the smart guys, all the defenders do is excel sheets."

IMHO, the nugget of truth in this is that defenders can spend considerable amounts of time on things that don't matter. Like doing CIS benchmark by hand on all servers. While missing the low-hanging fruits that would give them a strong security posture.

In a lot of companies, the defenders are just sysadmins that don't have any idea of what they should focus on.
Faelian2
·2 lata temu·discuss
SEEKING WORK: Pentest / AppSec / Training / Cybersecurity | Remote, France

Cybersecurity expert, with 8 years of experience, I have audited multiple complex systems. From Internet Gateway (Linux embedded), to innovative web apps and complex Active Directory environment of Healthcare providers.

Website: https://lasne.pro Github: https://github.com/Faelian Email: olivier [at] lasne.pro
Faelian2
·2 lata temu·discuss
I just read "Windows from Marcus Aurelius". Guess I need to spend some time AFK
Faelian2
·2 lata temu·discuss
Yeah, sorry guys. I did write too fast.

The last sentence should be :

So in that regard, Alpine is less secure by using musl. However, having a small and understandable system is a real advantage when it comes to security.
Faelian2
·2 lata temu·discuss
Just my two cents about the security aspect.

All Linux binaries are compiled with PIE nowadays. You can run `checksec` on any binaries on Ubuntu, and it will have those properties. (You can install checksec with `pip install pwntools`).

On the other hand, GLIBC has, to my knowledge, the most hardened heap implementation out there. And there are more mitigations for double-free and other heap exploits on GLIBC.

So in that regard, Alpine is less secure by using musl. Having a small, understandable system is a real advantage when it comes to security.
Faelian2
·2 lata temu·discuss
I am really curious about this.

As a pentester, I run use Linux on my laptop and I spend a lot of time working inside a Kali VM with VirtualBox.

How much performance improvement can we expect with the KVM backend ?
Faelian2
·3 lata temu·discuss
SEEKING WORK | France, Remote | Pentester, Cybersecurity expert

I am a cybersecurity consultant / pentester / trainer with 7+ years of experience. I have audited successfully internal networks, web applications, and embedded environments. I also do trainings for professionals and students.

Location: EU (France) Linkedin: https://linkedin.com/in/olasne Website: https://lasne.pro

Email: olivier [] lasne.pro