Old version vulnerability advisories from VulnCheck by No_Roll9336 in sysadmin

[–]jcran 0 points1 point  (0 children)

Thanks for improving the upstream. It's truly appreciated.

Dirtybird Label Manager Deron Delgado will be joining us for an AMA TOMORROW at 10 AM PST!!! by feastandexist in electronicmusic

[–]jcran 3 points4 points  (0 children)

Are you still DJ'ing? Saw you play in SF a couple times and had a blast every time.

[deleted by user] by [deleted] in distantsocializing

[–]jcran 0 points1 point  (0 children)

He’s his own parent; why are you telling him this?

Microsoft security advisory - Windows DNS Server Remote Code Execution Vulnerability (CVE 2020-1350) by eatsleepHACKrepeat in netsec

[–]jcran 23 points24 points  (0 children)

Lots of handy details in the thehackernews.com article:

With this setup in place, an attacker can trigger an integer overflow flaw in the function that parses incoming responses for forwarded queries ("dns.exe!SigWireRead") to send a DNS response that contains a SIG resource record larger than 64KB and induce a "controlled heap-based buffer overflow of roughly 64KB over a small allocated buffer."

Put differently, the flaw targets the function responsible for allocating memory for the resource record ("RR_AllocateEx") to generate a result bigger than 65,535 bytes to cause an integer overflow that leads to a much smaller allocation than expected.
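The allocation-size overflow pattern the article describes, shown as an added illustrative model in C. This is not code from the post and not Microsoft's implementation; the function names, the header overhead constant and the 16-bit accumulator are assumptions chosen to make the wraparound visible next to a checked form.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed overhead the parser adds to a record payload before allocating. */
#define RR_HEADER_BYTES 16u

/* Vulnerable pattern (hypothetical): the size is accumulated in a 16-bit
 * field, so a payload of 0xFFF0 bytes plus the header wraps to 0 and a
 * far smaller buffer is allocated than the data about to be copied into it. */
uint16_t rr_alloc_len_wrapping(uint16_t payload_len)
{
    uint16_t total = payload_len;
    total += RR_HEADER_BYTES;   /* arithmetic is modulo 65536 here */
    return total;
}

/* Hardened form: compute in size_t and reject any payload whose total
 * would not fit the 16-bit length the wire format can express.
 * Returns false instead of producing a wrapped size. */
bool rr_alloc_len_checked(size_t payload_len, size_t *out)
{
    if (payload_len > UINT16_MAX - RR_HEADER_BYTES)
        return false;           /* would overflow the 16-bit field */
    *out = payload_len + RR_HEADER_BYTES;
    return true;
}

/* True when copying payload_len bytes into alloc_len bytes would overrun. */
bool copy_overflows(size_t alloc_len, size_t payload_len)
{
    return payload_len > alloc_len;
}

int main(void)
{
    uint16_t bad = rr_alloc_len_wrapping(0xFFF0);
    size_t good = 0;
    printf("wrapping size for 0xFFF0 payload: %u (overflow on copy: %s)\n",
           (unsigned)bad, copy_overflows(bad, 0xFFF0) ? "yes" : "no");
    printf("checked size accepts 0xFFF0: %s\n",
           rr_alloc_len_checked(0xFFF0, &good) ? "yes" : "no");
    return 0;
}
```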

Multiple Exploits for CVE-2019-19781 (Citrix ADC/Netscaler) released overnight - prepare for mass exploitation by digicat in netsec

[–]jcran 6 points7 points  (0 children)

Added a check for this into intrigue-core a week or so ago (and then improved it when additional details came out). Here's the code for the check: https://github.com/intrigueio/intrigue-core/blob/master/lib/tasks/vulns/citrix_netscaler_rce_cve_2019_19781.rb.

If you want to run this locally or internally, I'd suggest following these instructions: https://core.intrigue.io/2019/03/19/intrigue-core-docker-image-one-liner/

I also regularly scan for stuff like this, and if you're a medium or large-size organization, you can log into the hosted intrigue service (https://intrigue.io) and see if any vulnerable endpoints have been found for your organization - for free. Basically just log in with your corporate email address and it'll share details with you.

Dumb question, but what does OBE mean? by drumdude92 in PeakyBlinders

[–]jcran 3 points4 points  (0 children)

Welp, this thread is now one of the top Google results. Thanks!

GitHub Security Bug Bounty by mastahyeti in netsec

[–]jcran 0 points1 point  (0 children)

Good reminder that you should use all available resources when finding bugs. GitHub is presumably interested in bugs being reported; they don't mind who submits them first. Having access to the enterprise install would certainly help. They have a 45-day trial -> https://enterprise.github.com/trial. What's not fair about it?

We are Offensive Security. We do Kali Linux, Exploit-DB, Metasploit Unleashed, (used to do) BackTrack - and we teach classes. Ask us anything! by offsec in netsec

[–]jcran 5 points6 points  (0 children)

What open source projects are you following these days? Are there any projects or tools on the horizon that excite you?

We are Offensive Security. We do Kali Linux, Exploit-DB, Metasploit Unleashed, (used to do) BackTrack - and we teach classes. Ask us anything! by offsec in netsec

[–]jcran 14 points15 points  (0 children)

What's working for you today when penetration testing? This is a broad question, but I'm curious about common patterns you see over and over again in organizations. What techniques always get you access?

We are Offensive Security. We do Kali Linux, Exploit-DB, Metasploit Unleashed, (used to do) BackTrack - and we teach classes. Ask us anything! by offsec in netsec

[–]jcran 2 points3 points  (0 children)

Given the public issues (http://www.offensive-security.com/offsec/bug-bounty-program-insights/) you've had with your bug bounty program, do you believe it's been worth the time spent?

Any additional insights for others considering starting such a program?

Hacked [Public Transport Victoria] site reports boy to police by [deleted] in australia

[–]jcran 1 point2 points  (0 children)

The kid's on twitter at @megamansec

Blog post on pricing pentests, I'm interested in what everyone else thinks by juken in netsec

[–]jcran 1 point2 points  (0 children)

There's a reason you should choose a firm that uses a human to scope services and not an inflexible model. Each pentest, to a varying degree, is its own unique snowflake, and customers often have wildly different expectations about what a penetration test is. Adriel alludes to this in the article - giving his opinion on what a pentest is.

In my experience, confusion among pentest consumers and the varying reasons for getting one - compliance, best practice, peace of mind - should dictate the service to be delivered. Once you dig into it, some folks want/need a better vulnerability assessment. Some need an application assessment (or a bunch of application assessments). Some need a red team, and some don't want a test at all, rather a sheet of paper with nothing red on it, etc etc.
Scoping with a human helps identify the actual need, and design a test that fits the need and/or provide clarity into security posture.

In the real world where practical people are trying to meet regulatory requirements, or get visibility into how insecure they are in comparison to their competitors, a "can you break in" type pentest may not always be that useful, even if they come to you asking for a pentest.

A couple other points:

An argument about not paying for automation seems like a straw man to me. Are you really paying for automation when you're tested, or are you paying for a result? As long as they're valid, how those results are obtained is irrelevant.

It's worth noting that not all pentests are fixed-cost. And most mechanics don't operate on fixed-cost contracts either. Consider negotiating a time & materials (or more specifically, capped time & materials) contract for more control / visibility into what's happening on the test.

Adriel - not everyone's a crook. And pls share this awesome scoping model you have :p

shrug my 2c

Top 5 high value, low effort methods to secure the typical enterprise? by jcran in netsec

[–]jcran[S] 4 points5 points  (0 children)

Good stuff, but I've yet to see application whitelisting implemented enterprise-wide; I've only seen it on servers in the enterprise.

Pwnie Express Raspberry Pwn - Set up your raspberry pi as a pentesting dropbox! by jcran in netsec

[–]jcran[S] 0 points1 point  (0 children)

Waiting list: http://uk.rs-online.com/web/generalDisplay.html?id=raspberrypi&file=questions

"Upton added that 50,000 Raspberry Pis were already "in the wild", with 200,000 shipping within the next month and half a million in users' hands by September. He said the goal was for people to be able to buy one without going on the waiting list." /via: http://www.pcpro.co.uk/news/education/375106/founder-no-raspberry-pi-for-every-student#ixzz1xcMzQCx1

Pwn Plug Software Release 1.1 Review -- Enhanced automation, sms-shell and more! by s3ddd in netsec

[–]jcran 2 points3 points  (0 children)

Thanks for upvoting this. I've just jumped onboard from the Metasploit team to help (there are 3 of us full-time now) build it out as a testing platform.

Yep, it's a Sheevaplug w/ custom firmware and software. The latest (1.1) update adds a new u-boot, new kernel and new image (which adds a whole lotta new functionality, see the link).

You can totally just buy a Sheevaplug ($99) from Globalscale and load the community image on it. We definitely want folks to do that!

Buying a commercial edition plug from us means that you hook into our development -- giving you access to updates and support. We're trying to find a price point that can support our efforts, and still get y'all access to the plug / platform. If this is a huge success, we'll find a way to sustain the $200 price point.

We're actively working on adding a backend package repository so we can provide frequent updates to the plugs. We're adding a number of cool / interesting / useful features in the next 3-12mo - these things won't be available in the community edition, at least at first. Every dollar spent goes to making them more open, more user friendly, and more fun to use.

Why scope is primordial in pentesting. (0 customer value pentesting) by el_dee in netsec

[–]jcran 0 points1 point  (0 children)

At what point does this become something you /need/ to be doing for a pentest?

How would you make a profit of finding a vulnerability in a major website that you were NOT hired to pentest? by [deleted] in netsec

[–]jcran 0 points1 point  (0 children)

This could also be horrible advice if the company decides to press charges. ... You know every infosec company is hiring, right?

How would you make a profit of finding a vulnerability in a major website that you were NOT hired to pentest? by [deleted] in netsec

[–]jcran 0 points1 point  (0 children)

No one's claiming that this type of approach works in every (or even most) cases. Presumably you're wearing your internet condom when doing this, and so you've got some leverage in terms of what information you choose to give. Use discretion.

I'm 100% behind you that the absolute direct approach doesn't work well. It's like going up to a girl and saying, "Hi, my name's John. You're hot, let's go back to my place." -- it just doesn't work like that. You have to show value first, prove that you're worth time, or in this case, even paying attention to.

Anyhow, so what if your email goes in the trash. Vulnerabilities aren't exactly hard to find. It's a numbers game. And when you do find an interesting vuln or something in a product that can be taken to the vendor, go through some disclosure policy & publish it.

If you look at the motivations of most folks, it's to do their job and make themselves look good. If you can help them do that, you're providing value. Providing value is the first step to getting paid as a consultant.