borari

Yes, vim.

No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.

Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database: https://insecure-website.com/customer_account?customer_number=132355 Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, bypassing access controls to view the records of other customers.

Every German person I’ve ever met talks so confidently about shit that you just kinda assume they know what they’re talking about, until they start talking about a domain you’re an expert in and you realize they’re actually kinda dumb but with good vocabulary.

lol. You mean vba macros.

My coworker was having difficulty starting and is trying to commit to finding at least one hour a day during the week, and that’s been pretty successful for them. My issue is that I get completely consumed by it. Like ignore my family, ignore food, ignore everything, get off work at 5pm and rip offsec until 1am, rinse, repeat, and I’m like enjoying life and other hobbies and stuff right now lol.

Is there any specific offsec course/cert you’re trying to get going on? I’m super privileged in that my employer pays for the Learn Unlimited, so it’s easier to slack off on the training. When I was self-paying for individual courses it was much easier for me to hold myself accountable because I only had 90 days of lab access, and it was my money on the line.

I’m not currently working on anything projects or anything. I’m slowly getting back in to the OffSec training grind. I took a “short break” while working on my OSED over a year ago and am just now hopping back into it. I’ve already got my OSCP/OSEP/OSWE, so really gunning for this OSED for the OSCE^3. It has been extremely difficult to get back into a routine of doing training every day.

It’s wild to see Chrome going from the browser to use if you had any tech sense whatsoever to being universally derided.

Safari also has it built in. This person is just saying shit to say shit I guess.

Exactly this.

@uranibaba@lemmy.world, I self host my media server, my *aars, my Usenet client, Home Assistant, dns server, and have some loud af r710s for standing up test AD and simulated network environments. My website is hosted on Google Cloud, moved from AWS bc free tier ran out and g cloud is like $0.42 a month. It’s just whatever makes sense for the thing being hosted.

deleted by creator

Damn. You’ve given me a vision of a future where people call applications that are installed locally and don’t leverage any cloud/server backend for any functionality “self-hosted” programs and I hate it.

It is pretty easy. There’s tons of tutorials and walkthroughs for doing it, but anyone familiar with UIs will be able to work it out pretty quickly I think. Maybe a friction point in using the filter query, but again there’s tons of walkthroughs and guides for using it online.

If you can’t conceptualize a packet, or sockets, or network flows, even with the help of online guides/manuals, I guess it wouldn’t be easy. In that case I’d be wondering why someone would want to use those tools in the first place though, as then they probably wouldn’t have the skills necessary to leverage the information gleaned from the tool in any useful way.

Edit - As we’re in the self-hosted community, I’d argue that anyone who is self-hosting anything would probably be able to easily install wireshark and view http requests, both individual packets and the stream as a whole.

I have one degree of personal separation from Brian Krebs, it makes me feel way cooler than it probably should lol.

Here I’ve built software that can detect the difference between good guys and bad guys, it uses Artificial Intelligence.

My dude. You are not a serious person. I’m blocking you so I don’t waste my time with you in the future. Enjoy your life I guess.

Wow you found three different articles, all about the same CVE, that the manufacture published a firmware patch for before any public disclosure was made. That’s definitely just as bad as pretending you don’t know about CVEs in your products lol.

You presented one that doesn’t have security vulnerabilities? Here’s yet another CVE out for trendnet: https://nvd.nist.gov/vuln/detail/CVE-2018-19239

Every. Single. Brand. Has. CVEs. I’ve used Mikrotik, I’ve used Cisco, I’ve used Juniper, I’ve used Ubiquiti. I have a trendnet Poe switch in my attic powering some cameras and an AP right now. I have no “problem” with any brand of anything.

I do have a problem with you implying that a company doesn’t take security seriously when they do. I start to think you’re intentionally lying when you lift up trendnet as the model, because they have quite an especially atrocious history of it.

https://www.rapid7.com/db/modules/exploit/linux/misc/cisco_ios_xe_rce/

We can go back and forth on RCEs literally all day. If your bar for using a product is “no RCEs”, get off the grid entirely my guy.

MikroTik is just as serious a network company as Cisco or Juniper, and vastly more serious from an enterprise networking point of view than trendnet.

Also where tf did OP mention anything about warranties?

Edit - https://medium.com/tenable-techblog/trendnet-ac2600-rce-via-wan-8926b29908a4

Edit - https://www.archcloudlabs.com/projects/trendnet-731br/

Edit - lol holy shit look how customer focused trendnet is! They just plugged their ears and pretended an unauthenticated RCE in their product didn’t exist haha. https://arstechnica.com/information-technology/2015/04/no-patch-for-remote-code-execution-bug-in-d-link-and-trendnet-routers/

Edit - oof yikes look there’s more. https://www.nccgroup.com/us/research-blog/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329/

deleted by creator

deleted by creator