Windows PrivEsc Guide. Good summary with basic approaches. Some links to more juicy stuff at the bottom. https://sec-consult.com/en/blog/2019/04/windows-privilege-escalation-an-approach-for-penetration-testers/
#Ansible role to bootstrap a @Hetzner_Online Cloud VM with an encrypted rootfs. It's ugly and not idempotent, but does the job pretty well. SSH hostkeys management included. Most of it can be used for other hosters/bare metal. https://github.com/msgpeek/ansible-role-hetzner-encrypted-rootfs
More emergencies, Internet Archive
The Internet Archive had been experimenting with a digital lending library, and when covid severely limited public libraries, the IA started allowing unlimited checkouts (which essentially mean they allowed piracy of their book scans)
This was probably a huge mistake, but now four of the biggest publishers are suing the IA
Losing this means archive.org goes down
FabLab's #IoT OCTOPUS board is in stock again! #esp8266 https://www.tindie.com/products/FabLab/iot-octopus-badge-for-iot-evaluation/
^ Author had to reintroduce a vulnerability to successfully exploit on #HardenedBSD:
"All the previously detailed techniques will no
Great writeup on the evolution oft the Bisonal RAT https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html?m=1
Gems in Mexico's hotels. #CiderSecCon2020
Blog post "Attacking Jenkins": https://msgpeek.net/blog/2020/02/attacking-jenkins/
I wrote down common mistakes and security problems I encountered during reviews of build systems based on #Jenkins. Credits for review: @carloz_spicey
Uploaded my slides from "Attacking Jenkins" talk at #unfuck2019: msgpeek.net/slides/attacking-jenkins-unfuck2019-16-11-2019, blogpost will follow during the next days.
CiderSecurityCon ticket sale is open: https://cidersecuritycon.de/posts/2020/01/21/tickets_tickets_tickets.html Get 'em while it's hot!
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!