[+] timb_machine: @fl1bbl3 @n0x00 @vysecurity +1 for maturity. VA + pentest + red team should be cumulative. Not one or other.

[+] timb_machine: kill("KILL", @SCCM); # No further comment required :(

[+] timb_machine: @OpenBSD_src To wit, here's a corresponding patch I knocked up for glibc some time ago: https://labs.portcullis.co.uk/blog/fixing-the-links-hardening-the-linker/

[+] timb_machine: @OpenBSD_src Victory of sorts...

[+] timb_machine: RT @OpenBSD_src: benno@ modified libexec/ld.so/path.c: Do not interpret an empty path as current working directory "." when parsing LD_LIBR…

[+] timb_machine: @obscuresec @carnal0wnage @egyp7 Can the spoofed IP trigger the bulkget? Assume you can check if you have tcpdump on there...

[+] timb_machine: @info_dox @CarlGottlieb @sleepycal It's a market. Feel free to move around.

[+] timb_machine: @CarlGottlieb @sleepycal @info_dox Learn something that's not pen testing first. I did dev, service provider admin,… https://twitter.com/i/web/status/876744085285076992

[+] timb_machine: RT @emd3l: Bass code is online https://github.com/Cisco-Talos/BASS - Slides available asap @reconmtl #RECon17 #reconmtl

[+] timb_machine: RT @portcullislabs: Friday fun, chmod -R u-s,g-s / and see what breaks: https://labs.portcullis.co.uk/blog/unix-and-linux-setuid-advice-and-guidance/ (please don't try this in production)

[+] timb_machine: @jonty @necrofiber @sudosev @emfcamp @portcullislabs @Arronandir will be conducting the official flag ceremony with… https://twitter.com/i/web/status/875731984613601281

[+] timb_machine: @jonty @necrofiber @sudosev @emfcamp @portcullislabs Boooo! Have a good summer, post-escape :)

[+] timb_machine: RT @secvalve: To every girl in Infosec who tells me they're "not good enough" to present: YOU ARE. You are not an imposter. You deserve it…

[+] timb_machine: @domchell @iseezeroday @ReverseICS The one I'm thinking of was a copyright string. Basically you assign copyright b… https://twitter.com/i/web/status/875424682329219072

[+] timb_machine: @domchell @ReverseICS Not that, I'm thinking of something down in a protocol. Funny story, @iseezeroday did somethi… https://twitter.com/i/web/status/875423678388948992

[+] timb_machine: @ReverseICS Didn't someone (I want to say Oracle) do this to "limit" ability to reimplement another protocol.

[+] timb_machine: @necrofiber @sudosev @emfcamp Having tented for many years, the @portcullislabs crew are taking a 6 birth RV. I kno… https://twitter.com/i/web/status/875420608036777985

[+] timb_machine: @sudosev @necrofiber SHA 2017 is awesome (well OHM, HAR, WTH etc were). Also @emfcamp next year \o/

[+] timb_machine: @portcullislabs @CiscoSecurity Welcome to a brave new world :)

[+] timb_machine: RT @portcullislabs: https://wiki.scn.sap.com/wiki/display/Security/Acknowledgments+to+Security+Researchers - @CiscoSecurity gets a mention :)

[+] timb_machine: @MalwareJake @gsuberland Comments?

[+] timb_machine: $interesting ++; # So Virgin Media now have disclosure process... improvement on 2013

[+] timb_machine: @joernchen Good, I am very much reassured. I presume that you are just jealous of the Pottering intelligence.

[+] timb_machine: @Defalt_Mk2 Dirbuster's?

[+] timb_machine: @SonOfSunTzu Ack.

[+] timb_machine: $team =^ 5; # When a junior member of the team finds the default vendor creds and pops the mainframe :)

[+] timb_machine: @SonOfSunTzu Opportunity to restock the local gene pool too.

[+] timb_machine: @bugch3ck It's alright, I'm fairly sure the mainframe that the embedded device controls has no real value...

[+] timb_machine: $attacksurface = ("Apache", "lighttpd", "Jetty", "Tomcat"); # Why have 1 type of web server on your embedded device, when you can have 4...

[+] timb_machine: @StegoPax @Bitquark Sadly it is unlikely to be the likes of you and I who have most to fear, but yes.

[+] timb_machine: @StegoPax @Bitquark As long as you look "right" and you're not the most egregious of offenders, chances are you'll… https://twitter.com/i/web/status/872323636178407425

[+] timb_machine: @StegoPax @Bitquark More seriously, most laws get enforced in a manner that follows the government of the day's own prejudices.

[+] timb_machine: @StegoPax @Bitquark Well, they can't catch/lock us all up and even if they could, well it's the government, name a… https://twitter.com/i/web/status/872322775230361600

[+] timb_machine: @StegoPax @Bitquark <cynic>Maybe incompetence and numbers also.</cynic>

[+] timb_machine: @spacerog Words for our generation... "it was all over Slashdot"

[+] timb_machine: @fbz Ack.

[+] timb_machine: @fbz LOL. Just put 2 and 2 together. Worked with Oliver.

[+] timb_machine: @fbz @KnitYak Excited.

[+] timb_machine: @ericlaw @hanno Snap.

[+] timb_machine: @hanno Not sure there is anything defined and a decent history of resultant bugs.

[+] timb_machine: @LargeCardinal @MalwareTechBlog Yup. Security domain is a niche. That said, so are other domains from outside. Ever… https://twitter.com/i/web/status/871696247803006976

[+] timb_machine: @LargeCardinal @MalwareTechBlog Hire smart people who've worked other parts of the business/tech stack.

[+] timb_machine: @homakov Yup. So no more authentication on any app? That's the logical end play to your argument.

[+] timb_machine: @homakov Could you not make the same (wrong) case regarding web apps... I mean, most access is from laptops and tablets these days...

[+] timb_machine: Really enjoying dumb fuck pronouncements from the ill-informed about my city and my country. Save your politics for another day.

[+] timb_machine: @Mrkcrwthr @Conservatives Very differing campaign material... can only be based on one thing. Not as bad as during… https://twitter.com/i/web/status/871126331257487360

[+] timb_machine: .@Conservatives Still persuing a strategy of racially profiling voters in London? Wife gets letter from x whilst I get pamphlet from y.

[+] timb_machine: @daveaitel Almost certain approach to murder hasn't been "it's already happening, better legalise".

[+] timb_machine: @lazytyped Quite.

[+] timb_machine: RT @jamesjammcmahon: Next week's Kerrang! is one of the most important issues we've ever made. Don't miss it. On sale, Wednesday, June 7 ht…

[+] timb_machine: @RichFelker @paxteam A source patch that wasn't GPL licensed would be technically/legally doable albeit problematic if not done right...

[+] timb_machine: @RichFelker @paxteam Assuming code is still GPL licensed...

[+] timb_machine: @RichFelker @paxteam Nothing to stop subscriber releasing but there would be nothing to force any related support contract to be renewed.

[+] timb_machine: @RichFelker @paxteam By not putting it on their web site.

[+] timb_machine: @RichFelker @paxteam They're entitled to that position. Noone ever said GPL prevented limited initial distribution by developers.

[+] timb_machine: @hackerfantastic Also, to qualify, are you proposing to chase them out of your home or chase them back into theirs?

[+] timb_machine: @hackerfantastic No. They clearly have less ethics to begin with.

[+] timb_machine: @hackerfantastic @mcflyhh @halvarflake Unconvinced.

[+] timb_machine: #justanotherstockhackerphoto #thisisyourfirewall https://t.co/WnjraqTwzu

[+] timb_machine: @jonty ;)

[+] timb_machine: RT @UKLabour: We are committed to supporting the beautiful game. We will invest 5% of all football’s TV revenue in grassroots football. RT…

[+] timb_machine: @faultywarrior @bigendiansmalls @mainframed767 LOL.

[+] timb_machine: @andreasdotorg Systemd implements, breaks.

[+] timb_machine: @nrathaus @sawaba @hdmoore Fat ELF never took off.

[+] timb_machine: @nrathaus @hdmoore Ask a leading question... it's not like WannaCry didn't hammer home the point.

[+] timb_machine: @nrathaus @hdmoore I know :(

[+] timb_machine: @hdmoore Everyone will already have blocked 445/tcp though, no?

[+] timb_machine: @matalaz In most cases, it will be outside of registrar policy (if anything). Particular registrars may have local… https://twitter.com/i/web/status/867285379900112897

[+] timb_machine: @msuiche @blackswanburst Did the Mutex change?

[+] timb_machine: write("HTTP/1.1 200 OK\nX-Encrypted: 0\n\n<key material>\n\n"); # The key server is sending session key in plain text HTTP #notwcry #sadly

[+] timb_machine: @paperghost @davidrook Any commentary about such events tells you more about commentators politics than it offers practical value.

[+] timb_machine: @CiPHPerCoder Business logic?

[+] timb_machine: @hackerfantastic @LauriLoveX @malwaretech Why would the black list prevent spread? Host still resolves and results in 200, no?

[+] timb_machine: @twitter->mute($uninformed_speculation); # I love the race to tar, feather and then ambulance chase malware victims

[+] timb_machine: @cynicalsecurity s/pop/persist on/g

[+] timb_machine: @cynicalsecurity NCs actually had RISC OS in ROM. Bar physical access, pop that.

[+] timb_machine: @ropnop I'll add that to my list of reasons to hate Python.

[+] timb_machine: @cynicalsecurity Not the only ones. ISTR Sun had something similar and then of course there was ill-fated Network C… https://twitter.com/i/web/status/862723357917184000

[+] timb_machine: @4Dgifts @tqbf @matthew_d_green Weirdly similar to how we do it

[+] timb_machine: OH: "I for one would like to welcome America's new Russian overlords"

[+] Sponsored: 64% off Code Black Drone with HD Camera

[+] sodnpoo.com - u8plus smart watch quick teardown and uart

[+] Guido Vranken

[+] SAP System Directories on UNIX - SAP NetWeaver by Key Capability - SAP Library

[+] Vlad Tsyrklevich's blog

[+] Pentester.es

[+] nVisium Blog

[+] Finding Bad Characters with Immunity Debugger and Mona.py « Bulb Security

[+] Active Directory Security » Active Directory, Security, PowerShell, Tech Notes, & Geek Trivia...

[+] Mainframe Security – Thoughts and Techniques on a new/old platform

[+] Travis Goodspeed's Blog

[+] A brief look at the Acer ChromeBook #2

[+] A brief look at the Acer ChromeBook #1

[+] Dead bugs society

[+] A brief look at the RIM PlayBook

[+] Breaking cpau, a dummies guide

[+] Bypassing the Android pattern lock

[+] Introducing VulnApp

[+] Exploiting the Linux linker

[+] Dumping Samba hashes

[+] Defcon 18 CTF qualifiers: who is the h4x13st h4x0r of them all