Security Unit Validation
#appsec
@owasp
Sec Checklist:
API JSON input
Tests:
*Sanitizer pre JSON deserialization
*Type restrictions
*Basic data types if possible
*Lock down schema
*Data type specific bounds checking
*String: most limited char set
*JSON & string size limits
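An added example of how that checklist can be wired together in one request handler, written for this post and not taken from any OWASP project. The endpoint, schema, field names and limits are all constructed: the point is the order of the checks (size and byte-level sanitizing before the parser runs, the parser itself restricted to basic types, then a locked-down schema with per-type bounds and a narrow string character set).

```python
import json
import re

# Constructed limits and a hypothetical schema for a "create account" endpoint.
MAX_BODY_BYTES = 4096
MAX_NESTING_DEPTH = 1      # one flat object; nested arrays/objects are rejected
MAX_INT_DIGITS = 12

SCHEMA = {
    "username":   {"type": str, "min_len": 3, "max_len": 32,
                   "charset": re.compile(r"\A[a-z0-9_]+\Z")},
    "age":        {"type": int, "min": 0, "max": 150},
    "newsletter": {"type": bool},
}


class ValidationError(ValueError):
    """Any failed check; the caller maps it to an HTTP 400 response."""


# --- sanitizer: runs on the raw bytes before json.loads sees them -----------
_CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")  # keeps \t \n \r

def nesting_depth(text: str) -> int:
    """Peak bracket depth outside JSON string literals (a cheap scan, no parse)."""
    depth = peak = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            peak = max(peak, depth)
        elif ch in "]}":
            depth -= 1
    return peak

def sanitize(raw: bytes) -> str:
    if len(raw) > MAX_BODY_BYTES:
        raise ValidationError("body exceeds size limit")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        raise ValidationError("body is not valid UTF-8") from None
    if _CONTROL_CHARS.search(text):
        raise ValidationError("control characters in body")
    if nesting_depth(text) > MAX_NESTING_DEPTH:
        raise ValidationError("nesting too deep")
    return text


# --- deserialization restricted to basic types -----------------------------
def _reject_float(s):
    raise ValidationError("floats are not accepted")

def _reject_constant(s):       # called for NaN, Infinity, -Infinity
    raise ValidationError(f"non-finite number {s}")

def _bounded_int(s):
    if len(s.lstrip("-")) > MAX_INT_DIGITS:
        raise ValidationError("integer has too many digits")
    return int(s)

def _no_duplicate_keys(pairs):
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValidationError("duplicate object key")
    return dict(pairs)


# --- locked-down schema with per-type bounds --------------------------------
def validate(raw: bytes) -> dict:
    data = json.loads(sanitize(raw), parse_float=_reject_float,
                      parse_constant=_reject_constant, parse_int=_bounded_int,
                      object_pairs_hook=_no_duplicate_keys)
    if type(data) is not dict:
        raise ValidationError("top level must be an object")
    unknown, missing = set(data) - set(SCHEMA), set(SCHEMA) - set(data)
    if unknown or missing:
        raise ValidationError(f"unknown keys {sorted(unknown)}, missing {sorted(missing)}")
    for key, spec in SCHEMA.items():
        value = data[key]
        if type(value) is not spec["type"]:   # exact match: bool is an int subclass
            raise ValidationError(f"{key}: wrong type")
        if spec["type"] is str:
            if not spec["min_len"] <= len(value) <= spec["max_len"]:
                raise ValidationError(f"{key}: length out of range")
            if not spec["charset"].match(value):
                raise ValidationError(f"{key}: character outside allowed set")
        elif spec["type"] is int and not spec["min"] <= value <= spec["max"]:
            raise ValidationError(f"{key}: value out of range")
    return data

def rejects(raw: bytes) -> bool:
    """True if the body fails any check (handy for tests and fuzz harnesses)."""
    try:
        validate(raw)
    except ValidationError:
        return True
    return False
```

Two design points worth noting: the size and depth checks deliberately run on the bytes before the parser is invoked, so an oversized or deeply nested body never costs parser memory, and type matching uses `type(value) is ...` rather than `isinstance`, because `True` is an `int` in Python and would otherwise slip through an integer field.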
Hacking is a skill set
Hacking is a employable skill set
Hacking is a career path
Hacking is a culture
Hacking is a critical part of tech
Hacking is a type of innovation
My pro tip if you are speaking at
@DefCon
Make time to talk to the little people that come up and want to talk; if a big-name $$vendor comes up and wants to have a long discussion -> tell them to meet you tomorrow over lunch
Hold space and time for the young hackers : )
@David_Leavitt
@Costco
Thank you
@Costco
for escorting him out
Will you also prevent him from being a member while masks are required, as he can't control himself?
This occurred at the Gulf Coast Town Center location on 6/27 and one of the customers targeted said: "To give Costco the credit, they escorted him out and made me wait inside and monitored him until he left and then they sent someone with me to the car to make sure I'm okay."
@MalwareTechBlog
@k8em0
A: fairly sure it is a nation state...
B: how do you know??
A: the code is super advanced but the operator seems to be legit retarded...
Julian Assange was taken into British custody
WikiLeaks posted videos/documents of US soldiers murdering/torturing people
WikiLeaks exposed the banking collapse was fake in Iceland, and was about to show it was fake in the US...
#FBI
Truth is now a revolutionary act
#Unity4J
If anyone is wondering about the infoSec drama : )
@AlyssaM_InfoSec
is a long-term good security community person; she is a hands-on industrial powerhouse.
Jonathan is known for making multiple fake security reports/research, creating "fake news" used in mainstream propaganda.
So this dude ignores that the guy who touched off this thread attacked women, said they can't be technical, then when he challenged me I went technical with him and he plagiarized a response. I didn't bring any mob, he created it himself. This is his "research".
Crypto Sec:
Hacker uses flash loan to buy a ton of tokens -> uses tokens to vote -> votes to steal all the money -> repays the loan with the tokens
BeanStalk hack
Beanstalk cryptocurrency project robbed after hacker votes to send themself $182 million
The attacker used a flash loan to obtain a controlling stake in the project, which runs on a majority vote governance system, a core feature of many DeFi protocols.
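An added toy model (constructed for this post, not Beanstalk's contracts or any real protocol's code) of why "one token, one vote, counted by current balance" is exactly the lever a flash loan pulls, and what the two standard mitigations do: weighing votes at a snapshot block before the proposal existed, and a delay between proposal and execution so the vote cannot be settled inside the single block a flash loan lives in. Names, balances and block numbers are all made up.

```python
from bisect import bisect_right
from dataclasses import dataclass, field


class Token:
    """Per-holder balance checkpoints keyed by block number (constructed toy)."""
    def __init__(self, total_supply: int):
        self.total_supply = total_supply
        self._checkpoints = {}          # holder -> ([block, ...], [balance, ...])

    def set_balance(self, holder: str, block: int, amount: int) -> None:
        blocks, balances = self._checkpoints.setdefault(holder, ([], []))
        if blocks and blocks[-1] == block:
            balances[-1] = amount       # several changes in one block keep the last
        else:
            blocks.append(block)
            balances.append(amount)

    def balance_at(self, holder: str, block: int) -> int:
        blocks, balances = self._checkpoints.get(holder, ([], []))
        i = bisect_right(blocks, block)
        return balances[i - 1] if i else 0


@dataclass
class Proposal:
    created_block: int
    snapshot_block: int
    votes_for: int = 0
    voters: set = field(default_factory=set)


class Governance:
    def __init__(self, token: Token, snapshot_voting: bool, execution_delay: int):
        self.token = token
        self.snapshot_voting = snapshot_voting    # weigh votes at an earlier block?
        self.execution_delay = execution_delay    # blocks between proposal and execution

    def propose(self, block: int) -> Proposal:
        snapshot = block - 1 if self.snapshot_voting else block
        return Proposal(created_block=block, snapshot_block=snapshot)

    def vote(self, proposal: Proposal, holder: str, block: int) -> int:
        if holder in proposal.voters:
            raise ValueError("already voted")
        weigh_at = proposal.snapshot_block if self.snapshot_voting else block
        weight = self.token.balance_at(holder, weigh_at)
        proposal.votes_for += weight
        proposal.voters.add(holder)
        return weight

    def can_execute(self, proposal: Proposal, block: int) -> bool:
        majority = proposal.votes_for * 2 > self.token.total_supply
        matured = block >= proposal.created_block + self.execution_delay
        return majority and matured


def simulate(snapshot_voting: bool, execution_delay: int) -> tuple:
    """Return (votes counted, executed in the same block) for one constructed run."""
    token = Token(total_supply=1_000_000)
    token.set_balance("long_term_holder", 1, 300_000)
    gov = Governance(token, snapshot_voting, execution_delay)
    block = 100
    # Everything below happens inside block 100, the only window a flash loan gives:
    token.set_balance("borrower", block, 700_000)   # balance exists only this block
    proposal = gov.propose(block)
    gov.vote(proposal, "borrower", block)
    executed = gov.can_execute(proposal, block)
    token.set_balance("borrower", block, 0)         # loan repaid before block ends
    return proposal.votes_for, executed
```

Running `simulate(False, 0)` reproduces the weak design: 700,000 borrowed votes count and the proposal executes in the same block. With `snapshot_voting=True` the borrower's weight at block 99 is zero, and with `execution_delay=1` even a counted majority cannot execute until block 101, by which time the loan has had to be repaid. Real implementations (checkpointed voting tokens plus a timelock) are the production form of these two switches.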
What's even more interesting is that tan(int) is *not* a random number generator. There are fascinating patterns in the data.
One way to look at it is: if tan(x) is very high, x is very close to a 90° or 270° angle. So if tan(x) and tan(y) are high, tan(x + 2y) is also high.
We did it
@DefCon
+
@OWASP
DefCon 26
Sold all the swag!
Talked to tons of young hackers!
Encouraged people down the WhiteHat road!
Connected with a ton of @OWASP'ers that are core @DefCon'ers
All the kind people at
@DefCon
and
@OWASP
helped me get to where I am.
Some with big legs up like training or support, some being kind and setting a good example, some just by researching and showing me what exploring is.
Community is how we built security : )
@hacks4pancakes
@3mm4h3ff
Areas of general knowledge
Development
TLS and web protocols
Web page design
OWASP Top 10 (targeted at web pages)
Local OS setup and lockdown
Computer forensics
Networking
File storage
Encryption
2FA
Web auth trust
Wifi
Malware
& Totally do focus on your area
Me AppSec/Re/Mal/....
Our Discord servers were briefly exploited today. The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted. We are still investigating, but if you were impacted, email us at discord@yugalabs.io.
@ethereumlodge
@SleepyKangaroos
@abudabu_dot_eth
@NFTherder
@discord
@princess_nft
Top recommendations to
Secure your Discord:
No user posted links
Limit bot & mod rights
Only Discord verified bots
Disable web hooks
2FA
Disable DM
Turn off friend requests
Don't use Discord for team comms
We will post mint on all
Twitter(@ ex) & website(ex .io) & Discord(ex)
@Infosec_Taylor
I use "Laundry facilities"
I get paid by the hour here, tell me more, I could use a rest
Where are you from, is the weather nice, it is always hot here
@H3KTlC
You are fighting a fight, most don't want to, and most can't
You are jumping into the Software Development Life Cycle SDLC, you are doing what must be done, you are asking the questions no one wants asked : )
You are Security Engineering
@IanColdwater
I agree infoSec twit is nice : )
We have cleaned house a few times and now it is fairly kind
If you're a newb, people help lift you up and encourage you
If you are inside crew and have a hard day, the love comes out hard to support you
Closest thing to a support group we have : )
Just now, the dormant yeast I collected this week from Ancient Egyptian artifacts (with help from
@drserenalove
and
@rbowman1234
) is being fed grain for the first time in four and a half thousand years. Here is the story:
#AncientBaking
@ClubYeast
Hey everyone
Nikita ->
@Niki7a
Is a core part of our hacker community, and has done more than anyone I know to support new people, keep kind people, and fight the bad
Would love to see a love interview/article : )
On how much of a light in our dark community she has been
@violetblue
?: )
Conspiracy Theory:
You know all the hacker
@DefCon
talks that say the patch is in place, and the vuln is closed....
What if there never was a vuln, but we all accept it is closed now : )
@MalwareTechBlog
PowerShell is an OS running a .NET-like framework that compiles code on the fly.
It is legit crazy awesome
And once you flip it to code input, you realize it is a JIT compiler, and that is what .NET/C# is : )
This is what our government is paying to develop a COVID19 vaccine:
- $1.2 billion to AstraZeneca
- $483 million to Moderna
- $500 million to Johnson & Johnson
- $30 million to Sanofi
Once a vaccine is approved by the FDA, it must be available to all for free. No profiteering.
Blockchain Sec Recommendation:
Moving MetaMask ETH network off infura (ConSensys)
Change to -> Alchemy
Step:
*Make an Alchemy account
*Get API key
*Move MetaMask ETH network over
How to web guide:
How I help
@owasp
I give focused support to newbs
I reach out to them, I loop them into conversations at Cons
I help them get a foothold to the next level
I support their efforts
I am an on-the-ground friend
I try to be the community that helped me come up in Security : )
Hey
@Pornhub
We are going to have protest videos removed from other video sites
Would you open a hidden riot porn area for us to upload to??
Thanks for the idea
@stimulator
We need you
@Pornhub
@alicegoldfuss
@TerribleDev
I think/hope we have better acceptance for gender choices than OS
I still don't respect Mac people, gay sure no problem, but a Mac come on, but I can't say I like Windows any more .... A-OS
We had a number of fathers at
@appsecusa
asking how the diversity &
@OWASPWIA
projects could help support their daughters attending
@appsecusa
: )
I was happy to tell them of all that we have to support them : )
Thanks
@owasped
and larger team : )
@FilmThePoliceLA
So the robot is as useful/useless as the real human police....
A waste of money, because the police do not serve or protect, they only enforce and abuse
How to become a community leader?
Do something amazing
Do something hard
Do something that takes a ton of time
Do something that drains energy
Do something scary
.....
-> then
Make it easy for someone else to pick it up.
Help someone quickly do what you did.
Show someone how-to
Connected with some amazing hackers and whiteHats from around the world!!!
Thanks
@DefCon
and
@OWASP
for making it possible : )
Thanks
@OWASPWIA
for leading the amazing Diversity projects in
@owasp
: )
I look forward to more next year
#hackerFam
: )
->
@DefConOWASP
: )
Hey friends
People will find things to criticize you about.
They are judging you by their life, and any difference is how you did it wrong.
Don't judge yourself by others' views : )
Find your strengths and focus on them
@shoe0nhead
Police are all Karens with guns
If you talk back to them they will scream "stop resisting" while they attack.
Police will call your manager and "report" you
Police == Karens