I love hacker toys, but don't love that they tend to sit on a shelf collecting dust for the majority of their lives. My goal for the runZero Hour anniversary "mystery machine" raffle was to provide something you actually want to use every day. Tune in Friday for the reveal and snag a limited runZero t-shirt if you sign up soon! https://www.runzero.com/research/runzero-hour/
home > posts
watchTowr Labs keeps things spicy in their recent post on Mitel MiCollab vulnerabilities: "Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day" - https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
My session on "The Unreasonable Effectiveness of Inside Out Attack Surface Management" is starting in a few minutes and will showcase some simple (but useful!) tricks for finding sneaky network exposures: https://dr-resources.darkreading.com/free/w_runz04/
Hope to see you soon!
Hi folks! I'm thrilled to present runZero's latest applied research: "Inside Out Attack Surface Management". With IOASM you can immediately identify exposures that other approaches miss, with zero false positives, and no additional investment. Join me for a live demo on Wednesday, December 4th at 1PM EST: https://dr-resources.darkreading.com/free/w_runz04/
It was much easier to replace my ESXi lab servers with Proxmox than to download a security update[1. see alt text] for ESXi post-Broadcom. Now ESXi runs as a scan target inside of Proxmox and all is well.
Ben Reardon shared an awesome (and funny) post on the Corelight blog about his experience at the Black Hat USA NOC (2024) and his process for detecting runZero's SSHamble.com research scans in real-time. Rob and I had a great time chatting with Ben and getting to the see Black Hat NOC up close: https://corelight.com/blog/black-hat-usa-2024-noc-learnings
Happy Thanksgiving to my fellow US-ians. This is an annual reminder that Base64 can decode different input to the same output. "Secrets" decodes from U2VjcmV0cw==, U2VjcmV0cw=, U2VjcmV0cw, U2VjcmV0cx, U2VjcmV0c9, and sometimes U2V|jcm|V0c|9.
Base64 makes a bad hash or lookup key!
Hello Austin hackers! Tonight is the November AHA meetup (shifted back a week to avoid holiday overlap). Same place and time as usual (Mister Tramps, talks start at 7:00pm). Haven't been to an AHA before? Check out the meeting info (and bring a ~5-10m lightning talk): https://takeonme.org/ #infosec #hackers #atx
Good morning RowdyCon! I'm excited to share some serious NumberWang[1] with the San Antonio hacker crowd. RowdyCon is open to ALL students in a degree programs based in San Antonio (online or in-person). Registration is available at https://www.rowdycon.org/