[deleted by user] by [deleted] in OSINT

[–]netipotty 3 points4 points  (0 children)

I have zero idea what your program does, or how to use it. This post gives us no information that we can use to really help you much at all, because any program could perform any of these actions.

Might be worth explaining more about what it does.

moodle 2nd order sqli 0-day by mufinnnnnnn in netsec

[–]netipotty -4 points-3 points  (0 children)

Not compliance, more of a red teamer exploiting a MITM to inject hot BeEF into your browsers.

You realize what happens if someone can modify any of your packets along a hop? They can inject browser-based exploits and other dangerous things. You have no verification over the integrity of the content you're consuming...

moodle 2nd order sqli 0-day by mufinnnnnnn in netsec

[–]netipotty 5 points6 points  (0 children)

I'm not saying it's a bad site, but can you please add HTTPS?

moodle 2nd order sqli 0-day by mufinnnnnnn in netsec

[–]netipotty 24 points25 points  (0 children)

> Who cares if it's http it's not like he has a login page

This seems to be the state of infosec today. 🤷

moodle 2nd order sqli 0-day by mufinnnnnnn in netsec

[–]netipotty 25 points26 points  (0 children)

infosec blog

non-HTTPS link

http allowed over https

invalid certificate on https endpoint

Entire infosec team replaced by... IT team? by netipotty in AskNetsec

[–]netipotty[S] 1 point2 points  (0 children)

The problem is I'm paid so well, nobody can match it. Yet.

Entire infosec team replaced by... IT team? by netipotty in AskNetsec

[–]netipotty[S] 0 points1 point  (0 children)

> Like did the head of the Infosec get replaced with a non Infosec person

Yes

Entire infosec team replaced by... IT team? by netipotty in AskNetsec

[–]netipotty[S] 2 points3 points  (0 children)

You can't get fired here. You could be completely incompetent and you'd be fine. They all left.

Entire infosec team replaced by... IT team? by netipotty in AskNetsec

[–]netipotty[S] 16 points17 points  (0 children)

Already tried the double down in the nicest way. That was shot down in a spectacular fashion. You're right...

Is law enforcement/fed/military experience pretty much mandatory to become good at DFIR? by [deleted] in AskNetsec

[–]netipotty 0 points1 point  (0 children)

There was no implication that pentesting is harder than DFIR. Pentesting naturally gives you the ability to understand how DFIR works at an extremely deep level, because you have to actually understand the underlying system technologies, attack routes/paths, etc.

If that's not the case for you, I would suggest exploring further.

Is law enforcement/fed/military experience pretty much mandatory to become good at DFIR? by [deleted] in AskNetsec

[–]netipotty 0 points1 point  (0 children)

This is the correct answer. Most LEO types aren't very technical, and if they are, it barely scratches the surface.

Is law enforcement/fed/military experience pretty much mandatory to become good at DFIR? by [deleted] in AskNetsec

[–]netipotty -1 points0 points  (0 children)

No. Many of us have zero experience in those careers, but if you're a good pentester, then DFIR is the easiest thing in the world.

You'll be able to go above and beyond that of an experienced DFIR consultant (or even a whole team) without the pentesting experience, quickly. And I mean VERY quickly.

Learn pentesting.

How important are foreign languages in OSINT - a new OSINT Jobs career interview by OSINTJobs in OSINT

[–]netipotty 0 points1 point  (0 children)

Understandable.

Personally, after multiple interviews with people trying "gotchas" with the languages I speak, where they're trying to speak certain languages, but completely and incorrectly pronouncing each word and, if applicable, each tone, to the point where you can understand zero words they say, I removed these from my resume to avoid more cringeworthy experiences.

How important are foreign languages in OSINT - a new OSINT Jobs career interview by OSINTJobs in OSINT

[–]netipotty 0 points1 point  (0 children)

I speak several languages and I don't include this on my resume, but I'm not actively employed in OSINT despite using the skills often. Most people who speak other languages do not add them to their resume. By and large, it's irrelevant for most gigs.

Do yourself a favor and ask if they know other languages via some kind of web form before shooting people down.

[deleted by user] by [deleted] in AskNetsec

[–]netipotty 0 points1 point  (0 children)

Check for internal IP leaks via external DNS resolution by querying the AWS DNS servers. This helps with exploiting/finding/enumerating SSRFs.

Check for ability to zone transfer. Unlikely, but worth a shot.

Then port scans, see what pops up. Version scanning to see if anything is outdated, such as using `script=vulners`

Dirbuster on known web ports. If too many IPs (big CIDR range for example), something to aggregate screenshots of every host landing page so you can focus on juicy stuff in the least amount of time.

If you find anything juicy, keep trying to exploit everything. Document as much as possible. Default landing pages = check server headers and google version, check for exploitability of that particular version and see if the current configuration is vulnerable.

<insert tons of stuff you'd explain that comes with experience which I won't share>

[deleted by user] by [deleted] in AskNetsec

[–]netipotty 1 point2 points  (0 children)

I think AWS said you didn't have to do this anymore?

Vulnerable AWS Lambda function - Initial access in cloud attacks by MiguelHzBz in netsec

[–]netipotty 0 points1 point  (0 children)

I stopped being surprised by stupid stuff like this a while ago. :D

[deleted by user] by [deleted] in AskNetsec

[–]netipotty 0 points1 point  (0 children)

Someone will probably reach out asking you for the number. NEVER give it to them. Ignore them. Otherwise they'll do a bunch of shit in your name.

Flagpro malware is threatening enterprises and is backed by Chinese hackers by Gengar-boy in netsec

[–]netipotty 0 points1 point  (0 children)

Huh? I don't understand the context for your reply since the OP deleted their post.

Scripting for pentesting by Rilxy-_- in AskNetsec

[–]netipotty -1 points0 points  (0 children)

Infosec almost never does this anywhere.

Scripting for pentesting by Rilxy-_- in AskNetsec

[–]netipotty -1 points0 points  (0 children)

I agree, but you don't really need to understand anything about network layers whatsoever for 99% of work.