For an internet-facing NGINX server:
- Keep ASLR enabled
- Use PIE-enabled binaries
- Enable stack canaries
- Keep SELinux/AppArmor active
- Minimize third-party modules
- Patch aggressively
- Use WAF/rate limiting
- Run workers with least privilege
If ASLR is disabled in production, it usually indicates one of the following:
- Legacy technical debt
- Specialized operational constraints
- Temporary debugging
- Security immaturity
- A forgotten old tuning change from years ago
@SwiftOnSecurity 5 mins on org policy. 10 is too lenient and allows us to slide into desks on red team engagements. New return to work environments and flex arrangements will only exacerbate this for adversaries.
The Ugly (2): A member of a startup incubator wanted to talk to me about AI pentesting. I told him if it's ML then it's probably written in R or Python. If it's AI, then it's in PowerPoint. He didn't get it. I explained. He walked away. Good luck with your automated pentesting!
Well this just got interesting!
Consider this our official call for training sessions?
Do you have formal content and hands-on exercises?
Send us an email with your class details.
#BSidesDFW now has opportunities for Friday Training/Classes.
Lets get this Texas hacker meetup started right... with a #badgelife badge drop!
First 5 people to find me and finish this phrase get a free badge "The stars at night are big and bright"...
#DEFCON30
I started a new fundraiser for @InnocentOrg. The item is a @SchoolPwn Breach Mode hoodie. Buy a hoodie and support a great cause! The Breach Mode logo is on the back and #IAm4ILF and the ILF URL on the left chest.
https://t.co/GSksSnhQe9
10 years ago @achillean launched the Shodan website! To celebrate a decade of discovery and growth we're going to offer the membership for $1 (marked down from $49) for the next 24 hours (0:00 UTC to 24:00 UTC): https://t.co/e6mRc8kQGt