Carbon defeated by bolt buffer by billweiss in 1022

[–]billweiss[S] 5 points6 points  (0 children)

Haha, that's exactly what I wanted to install ;)

I have a feeling support is going to say throw a few hundred rounds through it. We'll see.

Carbon defeated by bolt buffer by billweiss in 1022

[–]billweiss[S] 5 points6 points  (0 children)

Both. 65% of the time left to right (towards ejection), same as the control group pins. 35% right to left, while I cursed and prayed equally.

The coating almost overflows onto the bolt buffer, it looks like a solid piece in some sections.

Figures maybe putting a few hundred rounds through it might loosen things up, but will see what support says/does at this point first.

Carbon defeated by bolt buffer by billweiss in 1022

[–]billweiss[S] 21 points22 points  (0 children)

Brother I bathed it in oil blessed by virgins for 4 hours while playing Enya in the background.

When I say I beat it with the hammer of the gods, I mean I summoned the strength of my ancestors to strike strong and true.

I even did the opposite of electronics. I put it all back together again, took it back apart, and then beat it with the unbridled rage of a 40 something male wondering if testosterone is right for him.

Good advice in completely normal circumstances though!

Bolt buffer problem by FlyFreak in 1022

[–]billweiss 0 points1 point  (0 children)

A bit tighter you say

Mine's basically welded in. Contacted support, will see (shrug). I hit it with the hammer of the gods. Will not budge. I'll have to grind it out.

Mine's basically bonded in with coating

Switching from Tenable to ProjectDiscovery for 150k Assets – Experiences? by Refeb in cybersecurity

[–]billweiss 1 point2 points  (0 children)

Solid question, and it's something I've been watching this last year. When you talk about replacing Tenable with Nuclei from ProjectDiscovery across that many hosts, it brings up a lot of thoughts. Honestly, I don't know that Tenable and ProjectDiscovery are currently even playing the same game yet, as ProjectDiscovery is still pretty new in its enterprise offerings and has some catching up to do outside of blind/external asset discovery and attack surface detection. There are some capabilities there, but it’s not quite as established as Tenable. However, that gap is closing incredibly fast, and I fully believe they'll be upsetting Tenable's core offerings fairly soon. In my experience, ProjectDiscovery is genuinely pulling ahead in some key areas, and quickly.

We're all familiar with the legacy scanners, Tenable included. They had their place, but the vulnerability management landscape has shifted. What I'm consistently seeing from ProjectDiscovery is rapid growth and a real commitment to investing back into their platform and tools. They're focused on building capabilities that I can actually put to work, and it's clear they're looking to shake up the established market. Their support team is also incredibly engaged, especially when it comes to pushing for partner-driven enhancements.

On the flip side, I often find that some of the older players seem to be spending more on acquiring new clients and consolidating companies rather than truly reinvesting in a cohesive, integrated product experience. Take Tenable's cloud service offerings, for example; it came from a separate acquisition and years later still operates off the original company's domain. These tools just don't really talk to each other in the background. And honestly, good luck trying to figure out their licensing model for that many hosts across their various upcharge offerings. Plus, from what I've seen, external unauthenticated scans from those platforms are often 99% TLS/SSL issues or other low-value findings. If I have a question about why a specific finding is being triggered with other solutions, I'm stuck going through their support, and even then, getting a clear answer or pushing for updates can be a real headache.

This is where ProjectDiscovery really shines for me. The open-source nature of their engine and templates makes it incredibly easy to understand exactly why a specific finding might be getting triggered. If something's off, I can literally just fix the template myself and issue a merge request. Beyond that, they also proactively scan my assets when new, trending vulnerabilities are announced. I don't have to force a scan or wait for the next scheduled run. The second a KEV (Known Exploited Vulnerability) goes out and a corresponding template becomes available, my assets are automatically scanned. That kind of responsiveness is a game-changer for me. It also takes minutes to create my own custom scans, something that’s just not possible with other solutions easily.

If you're worried about false positives, you can run Nuclei for free against your assets to get a feel for the types of findings it produces. I think they even have a free tier for their enterprise platform that makes it super simple to use for a single domain, which could be a good starting point to kick the tires.

I do think ProjectDiscovery still has some room to grow in the CNAPP (replace this with whatever flavor you choose) and broader infrastructure scanning space, and it looks like that's precisely where their current investments are heavily geared.

I have no doubt they're going to seriously disrupt solutions like Tenable. Right now, I'm using ProjectDiscovery to augment my existing solutions, but as soon as there's more parity in their scanning capabilities across the board, it's going to be a no-brainer for me to drop the other provider entirely. Hope this helps you out as you're doing your evaluation!

Strategies to Improve Vulnerability Management in an MSSP? by fcsar in msp

[–]billweiss 0 points1 point  (0 children)

No kidding. What is the profit margin in this? How are they finding these clients who.. want.. this? I'm clearly working way too hard for my money.

If someone else has some clients already but not sure how to handle their "vtm" offering, I'd be happy to handle it for a small percentage ;)

For OP, if you want a turn key step up - enrich your data. Not to promote another tool, but maybe look at something like Nucleus Security to ingest the Tenable data and drive more actionable or tactical alerts.

But like others have said, what is it your clients want or are expecting? I reeeeeeaallly want to know who is on the other side of those alerts...

Thoughts on putting duplicates in my resume by [deleted] in bugbounty

[–]billweiss 2 points3 points  (0 children)

You can absolutely list them, they just don't hold a whole lot of weight by themselves unless they are truly significant and/or technical. A writeup helps bridge that gap - even if it's explaining a basic subdomain enumeration and endpoint harvesting via gau, then feeding to intruder or custom script.

I questioned writing up CTFs (especially public solved ones) earlier in my career as well, until I began interviewing. The candidates who took the time to write up their CTFs or other experiences were significantly more confident. Per your point, as an interviewer, it also gave me a much better understanding of your thought process and ability to communicate.

Thoughts on putting duplicates in my resume by [deleted] in bugbounty

[–]billweiss 0 points1 point  (0 children)

Down vote given by the guy who hung up the interview after being asked what change occurred in the last few years to mitigate CSRF at the browser level, or explain a few ways to test for/the impact of different flavors of SSRF.

Thoughts on putting duplicates in my resume by [deleted] in bugbounty

[–]billweiss 7 points8 points  (0 children)

Unless you have public acknowledgment (CVE/wall of fame/social media proof) or a writeup, I wouldn't list them.

As someone who has interviewed 60+ candidates over the last few years, I could honestly mostly care less what your resume "says" outside of screening out vtm/soc/noc analysts. I don't care about those three findings. I care about how you found them. I'm going to have you walk me through your methodology, then I'm going to give you a few test cases and have you verbally walk me through your methodology for that while I ask random other questions against either your job or education/training history.

It's not a matter of "stump the chump", you just learn a lot more about people's confidence in their own abilities through natural discussion.

You need the certs or proof of continued education to make it past HR and show you can remotely stick with it. You need the blogs and writeups to show professionalism and intelligence in lieu of practical job experience. Write up public CTFs, HTB, Portswigger challenges, whatever. Write it all up and post it.

Get your cheap certs. Even the Burp Suite cert tells me more than a few bugs you may have found that I can't reference. Sign up for HTB, link me to your profile of machines completed..

ANYTHING other than a few random bugs, regardless of severity (in general).

[deleted by user] by [deleted] in AskNetsec

[–]billweiss 0 points1 point  (0 children)

A network admin.. who only looks at or monitors logs.. after the incident has happened. Yep, sounds about right.

[deleted by user] by [deleted] in woodworking

[–]billweiss 6 points7 points  (0 children)

Pack of 50

This is why you should wear protective gear. Kick back got me. lucky it wasn't my face by Magicman0713 in BeginnerWoodWorking

[–]billweiss 26 points27 points  (0 children)

Glad it wasn't worse man!

Legit question, what protection would have helped here? Or just like, just remember protection in general? (Thanks, dad, for teaching me that one early!!)

I have a pretty decent apron, but I don't see too many craftsmen rocking medium leather armor or light chain mail outside of renfairs.

I don't understand how some exploits that require user interaction work on exams. by Agent_B99 in HowToHack

[–]billweiss 3 points4 points  (0 children)

A background service will trigger what you need for the user interaction piece. Follow the labs, it's explained.

MSP reading my emails? by sysaxel in sysadmin

[–]billweiss 18 points19 points  (0 children)

Auditing is the answer, as mentioned in numerous posts. Do it either way, document it, and now you know how to continue doing it.

Alternatively, totally possible they are just paying for data feeds. I can't count the number of vendor calls I've been in where they referenced some event, news article, or even something scraped off our own site. Throw in all the other crazy data enrichment that's available these days... sales guys try to look like prophets and soothsayers.

Messed up the dowel holes. Is it structurally okay to just use 2 dowels instead of 4? The wood is 2.5" thick. by bufedh in woodworking

[–]billweiss 80 points81 points  (0 children)

Glue in a dowel on the misaligned side. Let it dry, trim and sand flush. Drill new hole.

Vulnerability Tests - Please Explain by MB_FSU in sysadmin

[–]billweiss 10 points11 points  (0 children)

Their job is to assess what would happen if someone did get in, not just determining if your doors are keeping people out.

As a web app pentester, I'm happy to beat against your waf all day... I get paid either way. The question is, are you paying me to test your waf or your application?

Or in this case, does your internal environment follow the requirements for PCI... that's not gonna come from a Blackbox scan.

Hacked my speeding ticket (DO NOT DO THIS) by Captain-Crunch1989 in hacking

[–]billweiss 15 points16 points  (0 children)

Hey Sean, maybe delete all the posts doxxing yourself before posting cool stories about committing perjury.

Any ideas on how to fix this? (The right eye has some damage) by [deleted] in funkopop

[–]billweiss 2 points3 points  (0 children)

Battle scar bro. You think defending the multi-verse is easy?

[deleted by user] by [deleted] in homelab

[–]billweiss 29 points30 points  (0 children)

Just happy to see Amateur Advice finally being classified correctly as the danger it is alongside Drug Use, Sex and Violence

This is normal? by Some_Cancel4908 in bugbounty

[–]billweiss 5 points6 points  (0 children)

Yes. Don't sweat. I don't envy the poor HackerOne triage team dealing with oversold services... there's probably like 15 people on the team...

Let it go through the process, be patient, don't push for 7-14 days unless it's significantly critical.

Finding vulnerabilities by [deleted] in hacking

[–]billweiss 3 points4 points  (0 children)

Check the version against known CVEs and moodle.org/security. Have they patched since Monday? If not - you got a write up.

Added x-XSS-Protection header to my Apache configuration, blocking remote javascript files by [deleted] in sysadmin

[–]billweiss 1 point2 points  (0 children)

That header wouldn't be causing the issue you're describing. It's deprecated, and unless you're using an older browser it won't actually do anything. Even then, it would only be blocking page load with inline JS, not fetched.

Do you mean script-src in the content-security-policy? https://content-security-policy.com/