Earlier this week I gave a talk to our internal hacking teams about the difference between good hackers and great ones that have been able to impact our field. I included three extended quotes - two from writers and one from Hamming that influenced my approach early on. Maybe

I know some folks might be trying to squeeze their BlackHat training courses into a budget number. Perhaps this could help. (Link in the next tweet.). Also our WiFi training is pretty good ;)

RT @sensepost: Adriaan was struggling to get an interactive shell on the *nix application server he had popped, so he wrote a turn-based mi….

It's been a long time since someone showed me a new way to shell. Nice work Adriaan!.

A banned PyPI account and a big old bug bounty later Felipe wrote a tool to uncover nested dependency problems from GitHub repos.

RT @sensepost: After @felmoltor argued about dependency confusion & supply chain attacks & was confused with the feasibility of doing this….

RT @leonjza: Great thread that challenges what you know about modern WiFi hacking. The next iteration of our @BlackHatEvents Las Vegas cour….

RT @halvarflake: My short impulse talk from Cycon has been published:

RT @Stealthsploit: Following my @securityfest talk yesterday I've released Hashcatalyst, a wrapper that helps automate non-distributed work….

When you see @Zero_ChaosX RT your wifi hacking post. (This is also his opportunity to remind everyone how badly I did at WCTF 😅)

RT @njcve_: Pentesters and Bug hunters in the UK!. Come and join the UK HackerOne Club for regular meetups, hackathons and talks all relati….

If you’d like to learn the trade and not just the tricks - join us at BlackHat USA FIN

More importantly, have you built and architected your wifi networks to be defensible against someone that actually understands how the protocols work, and can modify what they’re doing in the face of obstacles? 6/7.

Even if you’re doing some old fashioned WPA2 handshake cracking, do you know what it means when you only get frames 1 & 3 and how to handle it? Do you have a process for handshake cracking that moves you beyond getting lucky? 5/7.

An otherwise well implemented corporate AP setup can still be vulnerable to certificate validation problems that would allow you to impersonate a legitimate AP and capture credentials. (10:28) 4/7.

Very few people seem to know that PEAP relay gives you network access without needing to crack a password or for the victim to be onsite. (17:12) 3/7.

Finding clients across the massively increased spectrum of 5/6/7Ghz needs different approaches if you want to be successful with a single wifi card on a pentest. (2:33) 2/7.

Wifi hacking can be a useful tool, but people are out here grinding on WPA2 handshake cracking tutorials & menu driven attack tooling. When @sensepost built the 3rd iteration of our wifi hacking course for @BlackHatEvents - we did it to show what really works & how it works. 1/7

RT @VortimoTech: Our morning.

RT @dcuthbert: How it started. How it's going.