JawnCon (https://jawncon.org/) 0x02 just wrapped! I wish I could make it this year, but settled for catching the talks on the live stream:
Main Stage Day 1: https://www.youtube.com/live/Cvf-mAdnPl0?lc=UgwMOtdPezSwFxO8Idx4AaABAg
Man Stage Day 2: https://www.youtube.com/watch?v=bcr6bCopBD4&lc=UgwosGFE2kBooWoQhVR4AaABAg
Classroom Day 2: https://www.youtube.com/watch?v=1aML2dzB9YI&lc=UgyhvLYDwsDpJ6UqHa94AaABAg
Hello Austin Gophers! Join us tonight, Wednesday, October 8th, 2025 for two hours of lightning talks and discussion at the ATX Go meetup. This is hosted by Capital Factory and runs from 6:30 PM to 8:30 PM central (with pizza and drinks!): https://www.meetup.com/atxgolang/events/305492512/
#SectorCa 2025 is fantastic! I last attended in 2008 and holy cow has it grown. Great to see Brian and Bruce still involved. Excellent talks, really sharp crowd, zero attitude, and everyone is incredibly friendly. You can find the slides from my morning keynote at https://hdm.io/decks/Sector-25-Moore-TheOnceAndFutureRules-FINAL.pdf
Hello #SecTor! 🍁 Rob King's presentation starts NOW in Room 716B:
"Pay No Attention to the Device Behind the Curtain: Banned tech doesn’t always stay banned. Rob shows how to detect white-labeled and counterfeit gear using Internet-scale methods & protocol quirks."
Hello Austin Gophers! Join us tonight, Wednesday, September 10th, 2025 for two hours of lightning talks and discussion at the ATX Go meetup. This meetup is hosted by Capital Factory and runs from 6:30 PM to 8:30 PM CDT (with pizza and drinks!): https://www.meetup.com/atxgolang/events/305492508/
I chased an intermittent DNS bug for two weeks and for once, it was not DNS:
"PF states limit reached"
If you use opnsense/pfsense, the default state table size of 1.6m can sneak up on you when your network is full of scans. Poking around with `pfctl -si` and setting a much healthier max with aggressive expiration made everything happy again.
Related, runZero handles this problem by actively tearing down middle-box state tables during SYN scans, which ironically means sending twice as many packets, but having a much lower impact on the network as a result.
Hello Austin-area software engineers (or aspiring engineers)! Join us tonight, Wednesday, August 13, 2025 for two hours of lightning talks and discussion at the ATX Go meetup. The focus tonight is on infosec/cybersecurity/hacking tools written in Go, but all Go-related talks are welcome.
This meetup is hosted by Capital Factory and runs from 6:30 PM to 8:30 PM CDT (with pizza and drinks): https://www.meetup.com/atxgolang/events/305492505/?slug=atxgolang&eventId=305492505
If you missed this talk at BH/DC last week, it's worth a read: "From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion". Awesome work from Shu-Hao, Tung (123ojp) covering practical attacks on GRE and VxLAN tunnels: https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Shu-Hao%20Tung%20-%20From%20Spoofing%20to%20Tunneling%20New%20Red%20Team%27s%20Networking%20Techniques%20for%20Initial%20Access%20and%20Evasion.pdf (repo: https://github.com/123ojp/GREtunnel-scanner & wp https://i.blackhat.com/BH-USA-25/Presentations/USA-25-Tung-From-Spoofing-To-Tunneling-New-wp.pdf)
Blue Team Con (@BlueTeamCon) is only three weeks away! I'm excited to share "The Death and Rebirth of Vulnerability Management", an analysis of coverage, tradeoffs, and efficacy across vulnerability scanners, endpoint agents, and open source security tools.
https://blueteamcon.com/directory/the-death-and-rebirth-of-vulnerability-management/
Thank you to everyone who made it out for my DEF CON 33 presentation, "Shaking Out Shells With SSHamble", you can find the materials online at https://hdm.io/decks/MOORE%20-%20Shaking%20Out%20Shells%20With%20SSHamble.pdf
This deck includes some lightly-censored zero-day and I recommend tossing `sshamble scan -u root,admin,guest 22,24442,2222,70,222,10022,10399,2022,22222 --interact=all` at your local network to see what shakes out =D
(PS. You can find most of my presentations at https://hdm.io/)