Every so often I'm asked "what tools should I learn to get a job with a red team?". There's no real answer, of course. Just learn how computer things work. For the stubborn, here's a list of handy (and buzzwordy) programs I use:. ssh.vim.go.perl.cc.kubectl.docker.aws.jq.

RT @HackingLZ: Whenever I see people say the red teaming should only use TI, it seems unusual because if you're mature enough to need a red….

Or a zero-length argv[0] >:).

I've never quite worked out why I frequently use single-character filenames, but I'm pretty sure hiding isn't part of it. Gonna have to switch to two letters. Or maybe /dev/shm/t\ or /dev/shm/$(printf '\x01') or something. Or good old fashioned /dev/shm/systemd-notmalwared.

bash -c 'exec -a " " ps awwwfux'. is right up there with I'm not touching yoooooou.

RT @bsidesbelfast: And we are GO for General Admission tickets for #bsidesbelfast25!.This year we're going for Donation tickets on the GA t….

Some people work on CFP submissions. Sometimes, though, the ADD wins. I'd be curious if the @bsidesbelfast submission site gets like a spike of POST requests at about five minutes before the deadline.

Nothing to see here. Definitely not something calling back to curlrevshell.

RT @dadgivesjokes: In Texas it’s illegal to serve pie without ice cream. As a matter of Texan pride; remember the à la mode.

RT @bsidesbelfast: Less than 2 days left! - Finish up that proposal ASAP and get it submitted to BSides Belfast 2025! #securitybsides #bsid….

RT @bsidesbelfast: Last week we opened our #bsidesbelfast25 #CFP, so if you want to speak about your work, experience, and (/or) love of al….

Detection on /bin/foo bar?. ln -s /bin/foo ./oof && ./oof bar.

Linux EDR seems to rely somewhat heavily on argv. Assuming that's true, shell built-ins, file redirection, pipes, and so on are fairly invisible. There's living off the land, but this is more living under the land. Conference talk, sounds like.

RT @Bolster: Second Early Bird Release for @bsidesbelfast at 1100!

Quite possibly the nicest BSides at which I've had the pleasure of speaking.

I discovered today. Turns out my memory span is slightly less than two years.

RT @openbsd: OpenBSD 7.7 is officially out now! 🐡 See what's new here:

I think a similar thing happened with new cars and "safety" features.

RT @CraigHRowland: @malmoeb Compromised Linux needs root cause analysis, and then burn the system to the ground when done and start over. T….

Me, at the end of a project: make(1) and doctl are not a good way to spin up infrastructure. Me, at the beginning of the next project: I only need a few Linux boxen, make(1) and doctl should be fine.

In a slight departure from tradition, this year I (think I) actually confirmed my @BSidesDublin talk. Looking forward to it :).