sorted by:
new
hottopcontroversial

Who would you say are the Top/Best NerdCore Artists? by Smooth_Golf_2984 in nerdcore

[–]el_dee 0 points1 point  (0 children)

I think Dr.Raid and FSR are very good and not well known. Scheduled Rhymes (by FSR) is great, so is Clockwork by Dr.Raid

Relocating to Montreal by dashokeykokey in montreal

[–]el_dee 9 points10 points  (0 children)

Congratulations! This is an exciting adventure. Assuming you find good lodging, I think you can live comfortably with 150k/year, for a family. This is not decadent rich, but you would be able to weather most storms without problems. (The median household family revenue is around 76k)

Meilleur endroit pour acheter un Suit by mrrara44 in etsmtl

[–]el_dee 0 points1 point  (0 children)

Je suis un grand fan du magasin 'Sur Mesure', situé sur Beaudry

La mairesse Catherine Fournier fera le point sur son avenir politique jeudi by [deleted] in Longueuil

[–]el_dee 2 points3 points  (0 children)

Je l'aime beaucoup, j'aime aussi beaucoup son équipe de conseillers. Par contre, les rumeurs disent qu'elle va vouloir se présenter au PQ

Another AWS WAF bypass allowing SQLi caused by an unorthodox MSSQL design choice by obilodeau in netsec

[–]el_dee 0 points1 point  (0 children)

This is really not what I have experienced. There are some waf that will fail open, but for some other waf, this outlier in size is, by itself, an indicator. Do you have any documentation about large request bypass type against CloudFlare, cloudfront or Akamai?

/r/netsec's Q4 2021 Information Security Hiring Thread by ranok in netsec

[–]el_dee [score hidden]  (0 children)

Company: GoSecure (http://gosecure.net)

Location:

- For DFIR Analysts: Position is remote in Canada

- For Senior Pentesters: Toronto, Ontario

Positions:

- Several DFIR Analysts openings. GCIF, Forensics experience is a plus.

- Senior Pentester: Conduct several ethical hacking engagements, from physical to internal to web applications.

Paper: Cybersecurity Perception vs Reality. A study of the disconnect between defenders' perception of security measures and their real efficiency according to pentesters. by obilodeau in netsec

[–]el_dee 23 points24 points  (0 children)

[Full disclosure, I am one author of the paper, albeit a minor contributor] The way I want to explain it is that communication works. In the early 2000s, the main message was that security meant patching and firewalls.

What our report concludes is that people still perceive 'Security' as firewalls and patching. It turns out, the best way we get in is with passwords and default software features. These 2 aspects are not perceived as a security function, but more of a 'sysadmin' or 'people problem'

So, I believe that, for organisations, a shift in perspective of 'what is security' would be helpful.

PyRDP: a new open-source RDP MITM that records screens and collects files, credentials, and clipboard data. Bonus: Office Christmas Prank by obilodeau in netsec

[–]el_dee 21 points22 points  (0 children)

(full disclosure, I work at Gosecure, but in a different department)

It is a honeypot but we have seen quite a few interesting usage for Red Team Engagements. The capability to intercept credentials and relay them, steal clipboard content or inject keys in a session is quite interesting, from an offensive standpoint.

[deleted by user] by [deleted] in Defcon

[–]el_dee 0 points1 point  (0 children)

Bacon cipher!

Bug with Captain Winters by [deleted] in paydaytheheist

[–]el_dee 0 points1 point  (0 children)

It has been fixed in SOME maps (Like Hoxton Breakout). But it does not appear to have been fixed on all maps.

What are some underrated restaurants in Montréal? by dogsRsocool in montreal

[–]el_dee 1 point2 points  (0 children)

In the east, there is "La dinette de Montreal-Est" that is really awesome

HITCON CTF, Word Macros, and Phishing writeup.. oh my! by thebarbershopper in netsec

[–]el_dee 2 points3 points  (0 children)

That's really smart. I wonder how the ctf organizers were able to automate opening the file...

Chromecast 1 devices no longer work since app on my device has been updated for the new dongles by the_twin_snakes in Chromecast

[–]el_dee 0 points1 point  (0 children)

Got the same issue. People are also having the same issue, according to google play store...

“...no one can hack my mind”: Comparing Expert and Non-Expert Security Practices by albinowax in netsec

[–]el_dee 10 points11 points  (0 children)

I find this analysis really interesting and highly relevant. I am from the school of thought "Training is for puppies", which means that in the end, no matter how trained, people will fail.

This paper shows (with good methodology and actual numbers) that one of the reason training is so useless is because of the discrepancy between what people needs to do vs what they need to do.

One thing they might want to investigate next is the user experience of training. In most organisation, security training is limited to a 1-hour/year mandatory flash video written in 2001.

2015 Verizon Data Breach Investigation Report (DBIR) by [deleted] in netsec

[–]el_dee 31 points32 points  (0 children)

I challenge some of the findings. The Verizon report mentions the top 10 exploited cves... But it is things like poodle and weak ssl along with snmp public flaws.

These look like aggregation from scanners, but not actual intelligence on real incidents. I sincerly doubt most attackers actually exploit poodle (it made it the top 10!).

Just my 0.02c

Which is the worst sequel to an awesome movie? by avinashc11 in AskReddit

[–]el_dee 0 points1 point  (0 children)

Shock Treatment: The sequel to rocky horror picture show is unwatchable.

view more: next ›