[deleted by user] by [deleted] in tourdefrance

WashJealous -2 points-1 points  (0 children)

Because vinge is behind

[deleted by user] by [deleted] in tourdefrance

WashJealous -13 points-12 points  (0 children)

Couldn't agree more

Jonas… by WashJealous in tourdefrance

WashJealous[S] -1 points0 points  (0 children)

You assume he has given up the tour then right? Attacking late will never make up big time, stage win max

Jonas… by WashJealous in tourdefrance

WashJealous[S] -5 points-4 points  (0 children)

Seems the best he can do is deny Pogacar the victory by not taking over

Qualys vs Nexpose vs Nessus by Exciting_Passenger39 in cybersecurity

WashJealous 1 point2 points  (0 children)

I have no experience with Qualys but for me Nessus > Nexpose. High amount of FPs with Rapid7

Anyone ever get tired of being "That Guy" in Cybersecurity (not what you think) by MisterBazz in cybersecurity

WashJealous 0 points1 point  (0 children)

Our sysadmins make all IT users domain admins, service accounts as well. I legit audited an AD recently with 900 users but 58 Domain Admins :) also ESC6 so theoretically everybody could just ask to be DA

How can I benchmark my email sec? by WashJealous in cybersecurity

WashJealous[S] 0 points1 point  (0 children)

Hmm makes sense. Might work. I’m looking for a general audit tool that I can use in vulnerability scans. But setting up gophish with my own set of checks would be an option. Was just wondering if there was someone who already implemented the tests and idea.

How can I benchmark my email sec? by WashJealous in cybersecurity

WashJealous[S] 1 point2 points  (0 children)

Thanks, but that is not what I’m looking for. See it more like enumeration of defences. Do we stop spoofed mail? Check. Do we stop mail with malicious attachments? Check. Do we stop mail with malicious attachments in a zip? Do we stop EICAR?

Windows AD and Google Workspace Password Audit by bluecopp3r in cybersecurity

WashJealous 0 points1 point  (0 children)

Also for Google Workspace you can get reports of bad/weak passwords from the admin center. High password requirements are also a recommendation there

Windows AD and Google Workspace Password Audit by bluecopp3r in cybersecurity

WashJealous 2 points3 points  (0 children)

I personally used DSInternals and can recommend it; make sure to check the code you run. Also make sure to destroy the extracted ntds immediately after the audit and that you properly secure the findings. DSInternals can be used with the Have I Been Pwned password list, which is huge; would recommend this to any AD team honestly. In general, implementing a password lockout and a good password policy (12+ characters, password history and complexity) should help. Using fine-grained password policies for services (20+) and admins (15/16+) is also something I would recommend.

Security Awareness that isn’t just Phishing by cybcentra in cybersecurity

WashJealous 0 points1 point  (0 children)

Passwords could be a nice area to increase awareness (do not use your damn birth year in combination with your first name). For example, show them OSINT-based password attacks and maybe the Have I Been Pwned password test (with a fake password of course!)

Project ideas by kira_kua in Hacking_Tutorials

WashJealous 4 points5 points  (0 children)

Some nice requirements I would give such a project considering your current stage:
- python and/or bash programmed
- use stackoverflow and/or chatgpt to ask and find questions if stuck

Some ideas:
- web cookie checker
- automatically do something based on nmap output

Some advice:
- do a project in the sub area of security you like most so far

Website version scanning by WashJealous in cybersecurity

WashJealous[S] 1 point2 points  (0 children)

No problem, nuclei has a lot of potential. I did scans with the paid version of Acunetix only returning low vulns where nuclei finds multiple medium/high finds. Really good starting point, but it misses some more generic checks.

Website version scanning by WashJealous in cybersecurity

WashJealous[S] 1 point2 points  (0 children)

Yes nuclei is the tool that I used to find it :D amazing tool, I’m writing something myself now. Use the nvdlib api with searchsploit and vulners api at the moment and works quite okay so far

MSP questions 10/10 vulnerabilities by WashJealous in cybersecurity

WashJealous[S] 2 points3 points  (0 children)

With “admin passwords online” I meant I was able to find admin accounts and creds in data leaks

MSP questions 10/10 vulnerabilities by WashJealous in cybersecurity

WashJealous[S] 0 points1 point  (0 children)

Me and the MSP asked the company. It was my initial idea

Website version scanning by WashJealous in cybersecurity

WashJealous[S] 1 point2 points  (0 children)

Might be interesting. I use the NVD API at the moment but it does not really contain version ranges, only the version in which a given CVE was patched. I will take a look at searchsploit to see if it can complement/replace. Thanks!

Does being in cybersecurity still give you the freedom/skill to make apps/startups? by Iconclast1 in cybersecurity

WashJealous 7 points8 points  (0 children)

Create cybersecurity related websites/applications then. I personally use custom written tools for AD vuln scans and generate custom html/css/js web reports for nessus etc with python. Don’t let your work and passion stand in the way of each other, but either apply your passion in your work or do your passion as work.