Are you dreading going back to your current job? Come work at Canva! We've got a heap of security roles open and are looking for smart driven people that want to be a part of Canva's journey! Australia Remote - Happy to discuss remote international. https://t.co/7GaM3K5bek

https://t.co/7GaM3K5bek Canva is hiring for a variety of roles - if you are good at computer please apply!!

We're currently hiring for Red Team - if you are a strong contender looking for a change please reach out to me via DM and we can chat further.

Rocking it 80s style: + pcap file + analyzed using tcptrace + graphed with xplot + displayed via X11 over TCP/IP This was the ultimate tech stack. It has all been downhill since this.

Two years of work, freely open sourced to the community. These people are just legends.

Stop uploading your address book to social media sites. It’s not your data!

real brainiac release from the @assetnote team -

what’s the word for when you’re very smart but can’t remember anything and know literally nothing

@SushiDude

woot! @crikeycon VII presenters are live... my first irl keynote in over a year - psyched to catch my home country up on what all has shifted in our industry over the past 8 years, and where it's going next... https://t.co/xSbHnyjP9t

#ff @adammein @libber @haroonmeer @scarybeasts @sergicles @laparisa @dkulshitsky @dinodaizovi @jefftreuhaft @kym_possible @cloudjunky @jhaddix @k8em0

The password spraying and credentials stuffing season is about to begin...

I’m giving out 40 PentesterLab PRO licenses. I hope you all have a great Christmas. Just comment why you think you should have one and I’ll pick some people. Stay frosty.

#realtalk

Anyone I know can connect me with the security team at Sky or BT in the UK?

The more time I spend internal at an organization the more I realize being “good” at security is far easier than actually designing something securely.

Remember never to `curl` a URL and pipe it to your shell: instead, download the installer, and keep clicking yes.

If you ever have an admin panel like /admin/endpoint that returns a 401 try and see if you can do /admin/bruteforce/samevalidendpoint I’ve seen several php applications where an attacker can enumerate administrative routes. 1/2

Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered

In the conclusion: "this research provides strong evidence that early disclosure of exploit code gives attackers a leg up." Nice graphic on how vuln events unfold. "Only 16% of the CVEs studied followed the most common sequence of Reserved-Patched-Scanned-Published-Exploited."